CVE-2024-44968: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-44968 affects the Linux kernel's tick/broadcast functionality. The vulnerability was discovered when a recent fix for making the takeover of the broadcast timer more reliable introduced a potential issue where a per CPU pointer was being accessed in preemptible context. This vulnerability affects Linux kernel versions from 6.1.103 up to (excluding) 6.1.105, from 6.6.44 up to (excluding) 6.6.46, and from 6.10.3 up to (excluding) 6.10.5 (NVD).

The vulnerability stems from a code pattern where compilers could hoist a per CPU pointer access into a non-preemptible region where the pointer is actually used. While compilers typically optimize this by hoisting the access, it's valid for the compiler to keep it at the place where the code puts it, which triggers a BUG warning: 'using smpprocessorid() in preemptible [00000000] code: caller is hotplugcpu_broadcasttickpull+0x1c/0xc0'. The issue was fixed by moving the pointer access to the actual usage site within a non-preemptible region (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 4.4 LOW, with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could potentially lead to system instability or denial of service conditions due to improper handling of CPU pointer access in preemptible context (Oracle Linux).

The issue has been fixed in the Linux kernel through a patch that moves the per CPU pointer access into the atomic section. The fix was implemented by Thomas Gleixner and tested by Yu Liao (Kernel Patch). Users should upgrade to kernel versions 6.1.105, 6.6.46, or 6.10.5 or later to address this vulnerability.