CVE-2024-42230 in Linux
Summary
by MITRE • 07/30/2024
In the Linux kernel, the following vulnerability has been resolved:
powerpc/pseries: Fix scv instruction crash with kexec
kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL is disabled, which causes an interrupt at an unexpected entry location that crashes the kernel.
Change the kexec sequence to disable AIL after other CPUs have been brought down.
As a refresher, the real-mode scv interrupt vector is 0x17000, and the fixed-location head code probably couldn't easily deal with implementing such high addresses so it was just decided not to support that interrupt at all.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/19/2025
The vulnerability described in CVE-2024-42230 represents a critical kernel-level issue affecting the Linux kernel's implementation of kexec functionality on powerpc/pseries systems. This flaw occurs during the kernel execution process where the system attempts to load a new kernel image while maintaining system operation. The vulnerability specifically targets the interaction between the kexec mechanism and the AIL (reloc_on_exc) feature, which is essential for handling instruction relocation during exception processing. When kexec is invoked on pseries systems, the kernel disables AIL before shutting down other CPU cores, creating a race condition that allows active processors to execute scv instructions after the relocation mechanism has been disabled.
The technical root cause of this vulnerability lies in the improper sequencing of system shutdown operations within the kexec implementation. During normal operation, AIL must remain enabled to properly handle exceptions that occur during instruction execution, particularly those involving the scv (secure compute vector) instruction. However, the kexec process prematurely disables AIL before all other CPUs have been properly brought down, creating a window where processors can execute scv instructions that trigger interrupts at unexpected locations. This misalignment between the interrupt vector location at 0x17000 and the system's ability to handle such high-address interrupts results in kernel crashes.
The operational impact of this vulnerability is severe, as it can cause complete system crashes during legitimate kexec operations that are commonly used for system updates, kernel debugging, and recovery scenarios. The vulnerability affects systems running on powerpc/pseries architecture where kexec functionality is utilized, potentially leading to service disruption and system instability. According to CWE classification, this represents a weakness in the system's interrupt handling and resource management during system transitions, specifically CWE-362: Concurrency Issues and CWE-284: Improper Access Control. The flaw also aligns with ATT&CK techniques related to privilege escalation and system compromise through kernel-level vulnerabilities.
The fix implemented addresses this vulnerability by reordering the kexec sequence to disable AIL only after all other CPUs have been properly shut down. This ensures that no active processors can execute scv instructions during the critical transition period when AIL is being disabled. The solution effectively prevents the race condition that previously allowed for unexpected interrupt execution and system crashes. This remediation approach aligns with proper system design principles for kernel-level operations and follows established best practices for managing system transitions. The change ensures that all processors are in a consistent state before AIL is disabled, preventing the execution of scv instructions that could otherwise cause system instability. This fix represents a fundamental correction to the timing and sequence of operations during kernel execution transitions, particularly important for maintaining system reliability during critical maintenance operations.