CVE-2024-47143
📋 TL;DR
This is a Linux kernel deadlock vulnerability in the DMA debug subsystem where improper lock ordering between radix_lock and dma_hash_entry locks can cause system hangs. It affects Linux systems using DMA debugging features, particularly those with Arm Coresight tracing drivers or kswapd operations. The vulnerability can lead to denial of service but not privilege escalation.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete system lockup requiring hard reboot, causing extended downtime and potential data loss in active operations.
Likely Case
System hangs or performance degradation during DMA operations, particularly when using Arm Coresight tracing or memory management operations.
If Mitigated
Minimal impact if DMA debugging is disabled or systems don't use affected tracing features.
🎯 Exploit Status
Exploitation requires specific timing conditions and DMA debugging to be active. More likely to occur accidentally during legitimate system operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 3ccce34a5c3f5c9541108a451657ade621524b32, 7543c3e3b9b88212fcd0aaf5cab5588797bdc7de, 8c1b4fea8d62285f5e1a8194889b39661608bd8a, c212d91070beca0d03fef7bf988baf4ff4b3eee4, efe1b9bbf356357fdff0399af361133d6e3ba18e
Vendor Advisory: https://git.kernel.org/stable/c/3ccce34a5c3f5c9541108a451657ade621524b32
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify DMA debugging functionality if required.
🔧 Temporary Workarounds
Disable DMA debugging
linuxDisable CONFIG_DMA_API_DEBUG kernel configuration to prevent the vulnerable code path
echo 0 > /sys/kernel/debug/dma-api/debug
Or rebuild kernel without CONFIG_DMA_API_DEBUG
🧯 If You Can't Patch
- Disable Arm Coresight tracing features if not required
- Monitor system for hangs during DMA operations and have reboot procedures ready
🔍 How to Verify
Check if Vulnerable:
Check if DMA debugging is enabled: cat /sys/kernel/debug/dma-api/debug | grep -q '1' && echo 'Potentially vulnerable if using affected kernel version'Check Version:
uname -rVerify Fix Applied:
Check kernel version against patched versions from your distribution vendor and verify DMA debugging works without system hangs📡 Detection & Monitoring
Log Indicators:
- System hangs or watchdog timeouts
- Kernel panic messages related to DMA operations
- Perf event or Coresight tracing errors
Network Indicators:
- None - local vulnerability only
SIEM Query:
Search for: kernel panic OR system hang OR watchdog timeout AND (dma OR coresight OR perf_event)🔗 References
- https://git.kernel.org/stable/c/3ccce34a5c3f5c9541108a451657ade621524b32
- https://git.kernel.org/stable/c/7543c3e3b9b88212fcd0aaf5cab5588797bdc7de
- https://git.kernel.org/stable/c/8c1b4fea8d62285f5e1a8194889b39661608bd8a
- https://git.kernel.org/stable/c/c212d91070beca0d03fef7bf988baf4ff4b3eee4
- https://git.kernel.org/stable/c/efe1b9bbf356357fdff0399af361133d6e3ba18e
- https://git.kernel.org/stable/c/f2b95248a16c5186d1c658fc0aeb2f3bd95e5259
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
