CVE-2024-35991
📋 TL;DR
A race condition vulnerability in the Linux kernel's dmaengine idxd driver where improper spinlock usage could cause system crashes when managing event log workqueues. This affects systems using Intel Data Streaming Accelerator (DSA) devices with vulnerable kernel versions. The issue can lead to kernel panics and system instability.
💻 Affected Systems
- Linux kernel with idxd driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.
Likely Case
System instability or crashes when DSA devices are actively processing workloads, resulting in temporary service interruption.
If Mitigated
Minor performance impact or no noticeable effect if the race condition doesn't trigger.
🎯 Exploit Status
Exploitation requires triggering a specific race condition during workqueue operations, making it difficult to weaponize reliably.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 758071a35d9f3ffd84ff12169d081412a2f5f098, c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f, or d5638de827cff0fce77007e426ec0ffdedf68a44
Vendor Advisory: https://git.kernel.org/stable/c/758071a35d9f3ffd84ff12169d081412a2f5f098
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution vendor. 2. Reboot the system to load the new kernel. 3. Verify the fix is applied by checking kernel version or commit hash.
🔧 Temporary Workarounds
Disable idxd driver
linuxTemporarily disable the Intel DSA driver if not required
modprobe -r idxd
echo 'blacklist idxd' > /etc/modprobe.d/disable-idxd.conf
🧯 If You Can't Patch
- Monitor system logs for kernel panic or workqueue-related errors
- Consider disabling DSA hardware acceleration features if not critical
🔍 How to Verify
Check if Vulnerable:
Check if system has idxd module loaded and kernel version is vulnerable: lsmod | grep idxd && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits or check dmesg for absence of workqueue-related errors after patch📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Workqueue-related errors in dmesg
- Call traces mentioning idxd_misc_thread or drain_workqueue
Network Indicators:
- None - this is a local kernel issue
SIEM Query:
source="kernel" AND ("idxd" OR "workqueue" OR "Call Trace")🔗 References
- https://git.kernel.org/stable/c/758071a35d9f3ffd84ff12169d081412a2f5f098
- https://git.kernel.org/stable/c/c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f
- https://git.kernel.org/stable/c/d5638de827cff0fce77007e426ec0ffdedf68a44
- https://git.kernel.org/stable/c/758071a35d9f3ffd84ff12169d081412a2f5f098
- https://git.kernel.org/stable/c/c9b732a9f73eadc638abdcf0a6d39bc7a0c1af5f
- https://git.kernel.org/stable/c/d5638de827cff0fce77007e426ec0ffdedf68a44
