CVE-2024-58057
Description
In the Linux kernel, the following vulnerability has been resolved: idpf: convert workqueues to unbound When a workqueue is created with `WQ_UNBOUND`, its work items are served by special worker-pools, whose host workers are not bound to any specific CPU. In the default configuration (i.e. when `queue_delayed_work` and friends do not specify which CPU to run the work item on), `WQ_UNBOUND` allows the work item to be executed on any CPU in the same node of the CPU it was enqueued on. While this solution potentially sacrifices locality, it avoids contention with other processes that might dominate the CPU time of the processor the work item was scheduled on. This is not just a theoretical problem: in a particular scenario misconfigured process was hogging most of the time from CPU0, leaving less than 0.5% of its CPU time to the kworker. The IDPF workqueues that were using the kworker on CPU0 suffered large completion delays as a result, causing performance degradation, timeouts and eventual system crash. * I have also run a manual test to gauge the performance improvement. The test consists of an antagonist process (`./stress --cpu 2`) consuming as much of CPU 0 as possible. This process is run under `taskset 01` to bind it to CPU0, and its priority is changed with `chrt -pQ 9900 10000 ${pid}` and `renice -n -20 ${pid}` after start. Then, the IDPF driver is forced to prefer CPU0 by editing all calls to `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0. Finally, `ktraces` for the workqueue events are collected. Without the current patch, the antagonist process can force arbitrary delays between `workqueue_queue_work` and `workqueue_execute_start`, that in my tests were as high as `30ms`. With the current patch applied, the workqueue can be migrated to another unloaded CPU in the same node, and, keeping everything else equal, the maximum delay I could see was `6us`.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-20518.html
Vendor advisory: alma — https://bugzilla.redhat.com/2383441
Vendor advisory: alma — https://bugzilla.redhat.com/2376076
Vendor advisory: alma — https://bugzilla.redhat.com/2369184
Vendor advisory: alma — https://bugzilla.redhat.com/2363380
Vendor advisory: alma — https://bugzilla.redhat.com/2360215
Vendor advisory: alma — https://bugzilla.redhat.com/2351633
Vendor advisory: alma — https://bugzilla.redhat.com/2351629
Vendor advisory: alma — https://bugzilla.redhat.com/2351625
Vendor advisory: alma — https://bugzilla.redhat.com/2351624
Vendor advisory: alma — https://bugzilla.redhat.com/2351620
Vendor advisory: alma — https://bugzilla.redhat.com/2351618
Vendor advisory: alma — https://bugzilla.redhat.com/2351616
Vendor advisory: alma — https://bugzilla.redhat.com/2351613
Vendor advisory: alma — https://bugzilla.redhat.com/2351612
Vendor advisory: alma — https://bugzilla.redhat.com/2351608
Vendor advisory: alma — https://bugzilla.redhat.com/2351606
Vendor advisory: alma — https://bugzilla.redhat.com/2350726
Vendor advisory: alma — https://bugzilla.redhat.com/2350725
Vendor advisory: alma — https://bugzilla.redhat.com/2350589
Vendor advisory: alma — https://bugzilla.redhat.com/2350585
Vendor advisory: alma — https://bugzilla.redhat.com/2350400
Vendor advisory: alma — https://bugzilla.redhat.com/2350397
Vendor advisory: alma — https://bugzilla.redhat.com/2350396
Vendor advisory: alma — https://bugzilla.redhat.com/2350392
Vendor advisory: alma — https://bugzilla.redhat.com/2350388
Vendor advisory: alma — https://bugzilla.redhat.com/2350386
Vendor advisory: alma — https://bugzilla.redhat.com/2350375
Vendor advisory: alma — https://bugzilla.redhat.com/2350374
Vendor advisory: alma — https://bugzilla.redhat.com/2350367
Vendor advisory: alma — https://bugzilla.redhat.com/2350363
Vendor advisory: alma — https://bugzilla.redhat.com/2348901
Vendor advisory: alma — https://bugzilla.redhat.com/2348654
Vendor advisory: alma — https://bugzilla.redhat.com/2348650
Vendor advisory: alma — https://bugzilla.redhat.com/2348645
Vendor advisory: alma — https://bugzilla.redhat.com/2348634
Vendor advisory: alma — https://bugzilla.redhat.com/2348625
Vendor advisory: alma — https://bugzilla.redhat.com/2348620
Vendor advisory: alma — https://bugzilla.redhat.com/2348615
Vendor advisory: alma — https://bugzilla.redhat.com/2348601
Vendor advisory: alma — https://bugzilla.redhat.com/2348600
Vendor advisory: alma — https://bugzilla.redhat.com/2348597
Vendor advisory: alma — https://bugzilla.redhat.com/2348595
Vendor advisory: alma — https://bugzilla.redhat.com/2348587
Vendor advisory: alma — https://bugzilla.redhat.com/2348585
Vendor advisory: alma — https://bugzilla.redhat.com/2348584
Vendor advisory: alma — https://bugzilla.redhat.com/2348581
Vendor advisory: alma — https://bugzilla.redhat.com/2348578
Vendor advisory: alma — https://bugzilla.redhat.com/2348577
Vendor advisory: alma — https://bugzilla.redhat.com/2348574
Vendor advisory: alma — https://bugzilla.redhat.com/2348573
Vendor advisory: alma — https://bugzilla.redhat.com/2348566
Vendor advisory: alma — https://bugzilla.redhat.com/2348556
Vendor advisory: alma — https://bugzilla.redhat.com/2348554
Vendor advisory: alma — https://bugzilla.redhat.com/2348550
Vendor advisory: alma — https://bugzilla.redhat.com/2348547
Vendor advisory: alma — https://bugzilla.redhat.com/2348543
Vendor advisory: alma — https://bugzilla.redhat.com/2348541
Vendor advisory: alma — https://bugzilla.redhat.com/2348528
Vendor advisory: alma — https://bugzilla.redhat.com/2348523
Vendor advisory: alma — https://bugzilla.redhat.com/2348515
Vendor advisory: alma — https://bugzilla.redhat.com/2348279
Vendor advisory: alma — https://bugzilla.redhat.com/2348240
Vendor advisory: alma — https://bugzilla.redhat.com/2348238
Vendor advisory: alma — https://bugzilla.redhat.com/2348071
Vendor advisory: alma — https://bugzilla.redhat.com/2348022
Vendor advisory: alma — https://bugzilla.redhat.com/2347968
Vendor advisory: alma — https://bugzilla.redhat.com/2347919
Vendor advisory: alma — https://bugzilla.redhat.com/2347859
Vendor advisory: alma — https://bugzilla.redhat.com/2347807
Vendor advisory: alma — https://bugzilla.redhat.com/2347781
Vendor advisory: alma — https://bugzilla.redhat.com/2347759
Vendor advisory: alma — https://bugzilla.redhat.com/2347753
Vendor advisory: alma — https://bugzilla.redhat.com/2347707
Vendor advisory: alma — https://bugzilla.redhat.com/2346272
Vendor advisory: alma — https://bugzilla.redhat.com/2345240
Vendor advisory: alma — https://bugzilla.redhat.com/2344687
Vendor advisory: alma — https://bugzilla.redhat.com/2344684
Vendor advisory: alma — https://bugzilla.redhat.com/2343175
Vendor advisory: alma — https://bugzilla.redhat.com/2343172
Vendor advisory: alma — https://bugzilla.redhat.com/2338832
Vendor advisory: alma — https://bugzilla.redhat.com/2338828
Vendor advisory: alma — https://bugzilla.redhat.com/2338814
Vendor advisory: alma — https://bugzilla.redhat.com/2337124
Vendor advisory: alma — https://bugzilla.redhat.com/2337121
Vendor advisory: alma — https://bugzilla.redhat.com/2336541
Vendor advisory: alma — https://bugzilla.redhat.com/2334829
Vendor advisory: alma — https://bugzilla.redhat.com/2334795
Vendor advisory: alma — https://bugzilla.redhat.com/2334676
Vendor advisory: alma — https://bugzilla.redhat.com/2334560
Vendor advisory: alma — https://bugzilla.redhat.com/2334548
Vendor advisory: alma — https://bugzilla.redhat.com/2334547
Vendor advisory: alma — https://bugzilla.redhat.com/2334537
Vendor advisory: alma — https://bugzilla.redhat.com/2334439
Vendor advisory: alma — https://bugzilla.redhat.com/2334415
Vendor advisory: alma — https://bugzilla.redhat.com/2334396
Vendor advisory: alma — https://bugzilla.redhat.com/2334357
Vendor advisory: alma — https://bugzilla.redhat.com/2331326
Vendor advisory: alma — https://bugzilla.redhat.com/2330341
Vendor advisory: alma — https://bugzilla.redhat.com/2329918
Vendor advisory: alma — https://bugzilla.redhat.com/2327887
Vendor advisory: alma — https://bugzilla.redhat.com/2327374
Vendor advisory: alma — https://bugzilla.redhat.com/2327203
Vendor advisory: alma — https://bugzilla.redhat.com/2324549
Vendor advisory: alma — https://bugzilla.redhat.com/2320722
Vendor advisory: alma — https://bugzilla.redhat.com/2320616
Vendor advisory: alma — https://bugzilla.redhat.com/2320455
Vendor advisory: alma — https://bugzilla.redhat.com/2320259
Vendor advisory: alma — https://bugzilla.redhat.com/2320172
Vendor advisory: alma — https://bugzilla.redhat.com/2313092
Vendor advisory: alma — https://bugzilla.redhat.com/2312077
Vendor advisory: alma — https://bugzilla.redhat.com/2298169
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-58057
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:20518
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-58057.html
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:20518
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | affected | | |
| rocky | 9 | fixed | |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 6.12.13-1 |
| debian | sid | fixed | 6.12.13-1 |
| debian | trixie | fixed | 6.12.13-1 |
| almalinux | 9 | fixed | kernel-doc-5.14.0-611.5.1.el9_7.noarch.rpm |
References
- https://access.redhat.com/errata/RHSA-2025:20518
- https://www.suse.com/security/cve/CVE-2024-58057.html
- https://errata.rockylinux.org/RLSA-2025:20518
- https://security-tracker.debian.org/tracker/CVE-2024-58057
- https://bugzilla.redhat.com/2298169
- https://bugzilla.redhat.com/2312077
- https://bugzilla.redhat.com/2313092
- https://bugzilla.redhat.com/2320172
- https://bugzilla.redhat.com/2320259
- https://bugzilla.redhat.com/2320455
- https://bugzilla.redhat.com/2320616
- https://bugzilla.redhat.com/2320722
- https://bugzilla.redhat.com/2324549
- https://bugzilla.redhat.com/2327203
- https://bugzilla.redhat.com/2327374
- https://bugzilla.redhat.com/2327887
- https://bugzilla.redhat.com/2329918
- https://bugzilla.redhat.com/2330341
- https://bugzilla.redhat.com/2331326
- https://bugzilla.redhat.com/2334357
- https://bugzilla.redhat.com/2334396
- https://bugzilla.redhat.com/2334415
- https://bugzilla.redhat.com/2334439
- https://bugzilla.redhat.com/2334537
- https://bugzilla.redhat.com/2334547
Verify integrity in audit chain (admin only). AS-IS.