CVE-2024-42126 in Linuxinfo

Summary

by MITRE • 07/30/2024

In the Linux kernel, the following vulnerability has been resolved:

powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.

nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area.

Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI() wrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when percpu allocation is from the embedded first chunk. However with CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu allocation can come from the vmalloc area.

With kernel command line "percpu_alloc=page" we can force percpu allocation to come from vmalloc area and can see kernel crash in machine_check_early:

[ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110
[ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0
[ 1.215719] --- interrupt: 200
[ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable)
[ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0
[ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8

Fix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu first chunk is not embedded.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 10/06/2025

The vulnerability described in CVE-2024-42126 affects the Linux kernel's handling of non-maskable interrupts on powerpc architectures, specifically when dealing with early hardware machine check and hardware memory error interrupts. This issue stems from the improper invocation of nmi_enter() and nmi_exit() functions during real mode interrupt processing, which can lead to kernel crashes when percpu memory allocations are sourced from the vmalloc area rather than the embedded first chunk. The problem manifests in early HMI/MCE interrupt handlers that are invoked through the DEFINE_INTERRUPT_HANDLER_NMI() wrapper, creating a scenario where kernel memory management operations become incompatible with the constraints of real mode execution contexts.

The technical flaw occurs because nmi_enter() and nmi_exit() functions interact with percpu variables that require specific memory allocation patterns. When CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK is enabled, the kernel may allocate percpu data structures from the vmalloc area instead of the traditional embedded memory regions. This configuration change, which can be forced through the kernel command line parameter "percpu_alloc=page", creates a conflict when these functions are called during real mode interrupt handling. The kernel crash appears in the machine_check_early function where the rcu_nmi_enter function attempts to access percpu data structures that are not properly accessible in the real mode context, leading to memory access violations and system instability.

The operational impact of this vulnerability is significant for systems running Linux on powerpc hardware that utilize early interrupt handling for critical hardware error conditions. Systems experiencing machine check exceptions or memory errors during early boot phases or critical operations may encounter unexpected kernel panics and system crashes. This vulnerability affects the reliability of hardware error reporting mechanisms and can prevent proper system recovery from hardware failures. The issue is particularly concerning for enterprise and server environments where hardware monitoring and error reporting are critical for system stability and maintenance operations, as it can cause complete system downtime during hardware error conditions.

The fix implemented addresses this vulnerability by preventing the use of nmi_enter() and nmi_exit() functions when operating in real mode interrupt contexts, specifically when the percpu first chunk is not embedded in the kernel's memory layout. This solution follows the principle of avoiding complex kernel operations during early boot and critical interrupt handling phases where memory management constraints are more restrictive. The mitigation strategy aligns with security best practices for kernel development by reducing the attack surface and preventing memory access violations in critical system paths. This change ensures that early hardware error handling can proceed reliably without triggering kernel crashes due to improper percpu memory management operations. The solution also reflects the broader security principle of minimizing kernel complexity in sensitive execution contexts, as outlined in various kernel security frameworks and vulnerability management standards.

Responsible

Linux

Reservation

07/29/2024

Disclosure

07/30/2024

Moderation

accepted

CPE

ready

EPSS

0.00228

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!