CVE-2024-57949: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-57949 affects the Linux kernel's interrupt handling mechanism in the GICv3 ITS (Interrupt Translation Service) component. The vulnerability was discovered when a specific call chain in the itsirqsetvcpuaffinity() function was found to incorrectly enable interrupts in a nested interrupt disabled section. This issue affects Linux kernel versions from 6.1.95 to 6.1.127, 6.6.35 to 6.6.74, and 6.9.6 to 6.12.11, as well as various release candidates of version 6.13 (NVD).

The vulnerability stems from a code change introduced in commit b97e8a2f7130 that replaced rawspin[un]lock() pairs with guard(rawspinlockirq). The problematic call chain sequence is: irqsetvcpuaffinity() -> irqgetdesclock() -> rawspinlockirqsave() (disables interrupts) -> itsirqsetvcpuaffinity() -> guard(rawspinlockirq) (enables interrupts when leaving) -> irqputdescunlock() (warns due to enabled interrupts). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to improper interrupt handling in the Linux kernel's GICv3 ITS component, potentially causing system instability or denial of service conditions. The CVSS scoring indicates that while the vulnerability requires local access and low privileges, it can have a high impact on system availability (NVD).

The issue has been fixed by modifying the code to use guard(rawspinlock) instead of guard(rawspinlockirq) in the itsirqsetvcpu_affinity() function. The fix has been implemented in various kernel versions through patches (Kernel Patch).