CVE-2024-56589: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56589 affects the Linux kernel's SCSI subsystem, specifically the HiSilicon SAS driver (hisi_sas). The vulnerability was discovered and disclosed on December 27, 2024, and impacts systems using the HiSilicon SAS driver with no forced preemption model kernel configuration (NVD).

The vulnerability manifests when an expander is connected to 12 high-performance SAS SSDs in systems using the no forced preemption model kernel. The issue occurs because both the hardware interrupt handler and interrupt thread execute on the same CPU. During high-performance scenarios, the irqwaitfor_interrupt() function continuously returns 0 when numerous interrupts occur, leading to continuous CPU consumption. This prevents the watchdog thread from running, ultimately resulting in a soft lockup after 22 seconds (Kernel Commit).

The vulnerability results in a CPU soft lockup condition where CPU#240 becomes stuck for 22 seconds, triggering a watchdog BUG report. This can lead to system performance degradation and potential denial of service conditions in affected systems (NVD).

The vulnerability has been patched by adding a cond_resched() call to allow the watchdog thread to execute. This fix has been implemented in multiple kernel versions and is available through distribution updates (Debian LTS).