RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

Summary

CVE	CVE-2024-47696
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2024-10-21 12:15:06 UTC
Updated	2026-05-12 12:17:13 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs"), the function flush_workqueue is invoked to flush the work queue iwcm_wq. But at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM. Because the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn't have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock. The call trace is as below: [ 125.350876][ T1430] Call Trace: [ 125.356281][ T1430] <TASK> [ 125.361285][ T1430] ? __warn (kernel/panic.c:693) [ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219) [ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239) [ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1)) [ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) [ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970) [ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151) [ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm [ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910) [ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161) [ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm [ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma [ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma [ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231) [ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393) [ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339) [ 125.531837][ T1430] kthread (kernel/kthread.c:389) [ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147) [ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257) [ 125.566487][ T1430] </TASK> [ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---

Risk And Classification

Primary CVSS: v3.1 7.8 HIGH from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types: CWE-416

CVSS v3.1 Breakdown

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected d91d253c87fd1efece521ff2612078a35af673c6 da2708a19f45b4a7278adf523837c8db21d1e2b5 git	Not specified
CNA	Linux	Linux	affected 7f25f296fc9bd0435be14e89bf657cd615a23574 29b3bbd912b8db86df7a3c180b910ccb621f5635 git	Not specified
CNA	Linux	Linux	affected 94ee7ff99b87435ec63211f632918dc7f44dac79 2efe8da2ddbf873385b4bc55366d09350b408df6 git	Not specified
CNA	Linux	Linux	affected 557d035fe88d78dd51664f4dc0e1896c04c97cf6 da0392698c62397c19deb1b9e9bdf2fbb5a9420e git	Not specified
CNA	Linux	Linux	affected dc8074b8901caabb97c2d353abd6b4e7fa5a59a5 a64f30db12bdc937c5108158d98c8eab1925c548 git	Not specified
CNA	Linux	Linux	affected ff5bbbdee08287d75d72e65b72a2b76d9637892a 8b7df76356d098f85f3bd2c7cf6fb43f531893d7 git	Not specified
CNA	Linux	Linux	affected ee39384ee787e86e9db4efb843818ef0ea9cb8ae c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58 git	Not specified
CNA	Linux	Linux	affected aee2424246f9f1dadc33faa78990c1e2eb7826e4 a09dc967b3c58899e259c0aea092f421d22a0b04 git	Not specified
CNA	Linux	Linux	affected aee2424246f9f1dadc33faa78990c1e2eb7826e4 86dfdd8288907f03c18b7fb462e0e232c4f98d89 git	Not specified
CNA	Linux	Linux	affected 6.11	Not specified
CNA	Linux	Linux	unaffected 6.11 semver	Not specified
CNA	Linux	Linux	unaffected 4.19.323 4.19.* semver	Not specified
CNA	Linux	Linux	unaffected 5.4.285 5.4.* semver	Not specified
CNA	Linux	Linux	unaffected 5.10.227 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.168 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.113 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.54 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.10.13 6.10.* semver	Not specified
CNA	Linux	Linux	unaffected 6.11.2 6.11.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12 * original_commit_for_fix	Not specified
ADP	Siemens	RUGGEDCOM RST2428P	affected V3.2 custom	Not specified
ADP	Siemens	SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 Family	affected V3.2 custom	Not specified
ADP	Siemens	SCALANCE XCM-/XRM-/XCH-/XRH-300 Family	affected V3.2 custom	Not specified
ADP	Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem	affected * custom	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
lists.debian.org/debian-lts-announce/2025/03/msg00002.html	af854a3a-2127-422b-91ae-364da2661108	lists.debian.org
cert-portal.siemens.com/productcert/html/ssa-265688.html	0b142b55-0307-4c5a-b3c9-f314f3fb7c5e	cert-portal.siemens.com
git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
cert-portal.siemens.com/productcert/html/ssa-355557.html	0b142b55-0307-4c5a-b3c9-f314f3fb7c5e	cert-portal.siemens.com
lists.debian.org/debian-lts-announce/2025/01/msg00001.html	af854a3a-2127-422b-91ae-364da2661108	lists.debian.org
git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.