CVE-2024-56690: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-56690 affects the Linux kernel's crypto subsystem, specifically the pcrypt module. The vulnerability was discovered and disclosed on December 28, 2024. The issue stems from a previous fix (commit 8f4f68e788c3) that caused pcrypt encryption and decryption operations to return -EAGAIN when CPU goes online or offline, which could trigger an unnecessary kernel panic when paniconwarn is set to 1 (NVD).

The vulnerability exists in the pcrypt module's handling of parallel encryption and decryption operations. When padatadoparallel() returns -EBUSY, the operations would return -EAGAIN, which triggers a WARN in algtest(). This could lead to an unnecessary kernel panic if panicon_warn is set to 1. The fix involves modifying the behavior to call the crypto layer directly without parallelization when -EBUSY is encountered (Kernel Commit).

The vulnerability could cause system instability and potential denial of service through kernel panics on affected Linux systems when specific conditions are met, particularly when paniconwarn is enabled (NVD).

The issue has been patched in multiple Linux kernel versions. The fix involves modifying the pcrypt module to handle -EBUSY returns from padatadoparallel() by falling back to non-parallel crypto operations instead of returning -EAGAIN. This patch has been backported to various stable kernel versions (Debian Update).