CVE-2024-57838: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57838 is a vulnerability in the Linux kernel's stack depot functionality on s390 architecture, discovered and disclosed on January 11, 2025. The issue affects the stack trace de-duplication mechanism where the .irqentry.text section on s390 is empty, preventing proper stack depot filtering and de-duplication (NVD).

The vulnerability stems from an architectural issue in the s390 platform's interrupt handling implementation. The stack depot is designed to filter out everything outside of the top interrupt context as irrelevant parts of stack traces, using inirqentrytext() to identify functions within .irqentry.text and .softirqentry.text sections. While _dosoftirq() is correctly placed in the .softirqentry.text section by common code, the .irqentry.text section on s390 remains empty, leading to potential stack depot exhaustion. This can manifest as warnings indicating 'Stack depot reached limit capacity' with CPU 0 PID 286113 at lib/stackdepot.c:252 (Kernel Commit).

The primary impact of this vulnerability is the potential exhaustion of the stack depot due to an explosion of saved stack traces. This occurs because the system fails to properly de-duplicate stack traces that share the same IRQ context code path but originate from different randomly interrupted points (NVD).

The issue has been resolved by moving the IO/EXT interrupt handlers from .kprobes.text into the .irqentry.text section and updating the kprobes blacklist to include the .irqentry.text section. This fix is specifically implemented for asynchronous interrupts, while deliberately excluding program checks which are synchronous and require preserved context. The fix has been incorporated into various Linux kernel versions, with patches available for affected systems (Debian Security).