CVE-2024-57951

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 12, 2025
Updated: Feb 14, 2025
CWE ID 416

Summary

CVE-2024-57951 is a vulnerability affecting the Linux kernel's hrtimers subsystem. During a CPU hotplug operation, if a CPU transitions from CPUHP_ONLINE to CPUHP_HRTIMERS_PREPARE and then back to CPUHP_ONLINE, the hrtick and clockevents are not properly restarted. As a result, the CFS scheduler can make incorrect assumptions, and the clockevent device loses its chance to transition to oneshot mode. Additionally, the per-CPU state is not fully reset, leading to potential dangling pointers. To address this issue, a new callback has been added that unconditionally resets the stale per-CPU state and sets the online flag upon return to the online state. The online flag modification in the prepare() callback has been removed, and the remaining state is cleared in the starting callback instead.
