CVE-2024-50140: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel versions 6.4 through 6.11.6, a vulnerability was discovered in the task_tick_mm_cid() function. The issue occurs when KASAN and PREEMPT_RT are enabled, where calling task_work_add() may cause a sleeping function to be called from an invalid context (NVD, Kernel Patch).

The vulnerability manifests when the scheduler tick (sched_tick()) acquires the rq->__lock and calls task_tick_mm_cid(), which then triggers a chain of function calls leading to page allocation attempts while holding a raw_spinlock_t. This violates the kernel's locking rules as sleeping is not allowed while holding raw spinlocks. The issue was introduced in kernel v6.4 by commit 223baf9d17f2 which aimed to fix a performance regression related to mm_cid (Kernel Patch).

When triggered, the vulnerability causes a kernel BUG report with the message 'sleeping function called from invalid context', potentially leading to system instability. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The issue has been fixed by adding a new TWAF_NO_ALLOC flag to task_work_add() which enables calling kasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack(). This prevents page allocation while holding the spinlock. Users should upgrade to kernel versions containing the fix (Kernel Patch).