CVE-2024-56585
📋 TL;DR
This CVE addresses a kernel panic vulnerability in the Linux kernel's LoongArch architecture when using PREEMPT_RT (real-time) kernels. The issue causes sleeping in atomic context errors during system boot, potentially crashing affected systems. Only systems running Linux kernels with PREEMPT_RT on LoongArch hardware are affected.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System crash during boot or runtime, leading to denial of service and potential data loss if occurring during critical operations.
Likely Case
System fails to boot properly or experiences kernel panics during initialization, requiring manual intervention to recover.
If Mitigated
No impact if not using PREEMPT_RT kernels or LoongArch hardware.
🎯 Exploit Status
This is a stability bug rather than a security vulnerability with traditional exploitation. The issue triggers during normal kernel operations on affected configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with fixes from commits: 08715b741f9b2a925d6485491e4907f3b29bac70, 6575e0867bd478a5d7ef1783ca1e73160807d238, 88fd2b70120d52c1010257d36776876941375490, c5f89458a2ea0800866b9fc690d3fa8367dc8f8d
Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution. 2. For custom kernels, apply the relevant kernel commits. 3. Reboot the system to load the new kernel.
🔧 Temporary Workarounds
Disable PREEMPT_RT
linuxSwitch from PREEMPT_RT kernel to standard kernel configuration
# Reconfigure kernel without PREEMPT_RT
# Recompile kernel or switch to standard kernel package
Disable NUMA optimization for PREEMPT_RT
linuxApply the kernel fix manually by disabling NUMA optimization for PREEMPT_RT kernels
# Apply kernel patch from upstream commits
# Recompile kernel with fix applied
🧯 If You Can't Patch
- Avoid using PREEMPT_RT kernels on LoongArch hardware
- Monitor system logs for sleeping in atomic context errors and have recovery procedures ready
🔍 How to Verify
Check if Vulnerable:
Check if system uses LoongArch CPU and PREEMPT_RT kernel: uname -a | grep -i 'loongarch\|preempt_rt' and check kernel version against affected rangeCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commits and system boots without 'sleeping in atomic context' errors📡 Detection & Monitoring
Log Indicators:
- BUG: sleeping function called from invalid context
- sleeping in atomic context
- kernel panic during boot on LoongArch PREEMPT_RT
SIEM Query:
source="kernel" AND ("sleeping in atomic context" OR "BUG: sleeping function called from invalid context") AND "LoongArch"🔗 References
- https://git.kernel.org/stable/c/08715b741f9b2a925d6485491e4907f3b29bac70
- https://git.kernel.org/stable/c/6575e0867bd478a5d7ef1783ca1e73160807d238
- https://git.kernel.org/stable/c/88fd2b70120d52c1010257d36776876941375490
- https://git.kernel.org/stable/c/c5f89458a2ea0800866b9fc690d3fa8367dc8f8d
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
