{"uuid": "5c5dddbd-db48-4872-ae89-fd8d10e12038", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-50138", "type": "seen", "source": "https://t.me/cvedetector/9913", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50138 - Qualcomm Linux BPF Ringbuf Spinlock Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50138 \nPublished : Nov. 5, 2024, 6:15 p.m. | 22\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbpf: Use raw_spinlock_t in ringbuf  \n  \nThe function __bpf_ringbuf_reserve is invoked from a tracepoint, which  \ndisables preemption. Using spinlock_t in this context can lead to a  \n\"sleep in atomic\" warning in the RT variant. This issue is illustrated  \nin the example below:  \n  \nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48  \nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs  \npreempt_count: 1, expected: 0  \nRCU nest depth: 1, expected: 1  \nINFO: lockdep is turned off.  \nPreemption disabled at:  \n[] migrate_enable+0xc0/0x39c  \nCPU: 7 PID: 556208 Comm: test_progs Tainted: G  \nHardware name: Qualcomm SA8775P Ride (DT)  \nCall trace:  \n dump_backtrace+0xac/0x130  \n show_stack+0x1c/0x30  \n dump_stack_lvl+0xac/0xe8  \n dump_stack+0x18/0x30  \n __might_resched+0x3bc/0x4fc  \n rt_spin_lock+0x8c/0x1a4  \n __bpf_ringbuf_reserve+0xc4/0x254  \n bpf_ringbuf_reserve_dynptr+0x5c/0xdc  \n bpf_prog_ac3d15160d62622a_test_read_write+0x104/0x238  \n trace_call_bpf+0x238/0x774  \n perf_call_bpf_enter.isra.0+0x104/0x194  \n perf_syscall_enter+0x2f8/0x510  \n trace_sys_enter+0x39c/0x564  \n syscall_trace_enter+0x220/0x3c0  \n do_el0_svc+0x138/0x1dc  \n el0_svc+0x54/0x130  \n el0t_64_sync_handler+0x134/0x150  \n el0t_64_sync+0x17c/0x180  \n  \nSwitch the spinlock to raw_spinlock_t to avoid this error. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-05T19:44:12.000000Z"}