CVE-2024-43851: soc: xilinx: rename cpu_number1 to dummy_cpu_number
In the Linux kernel, the following vulnerability has been resolved:
soc: xilinx: rename cpu_number1 to dummy_cpu_number
The per cpu variable cpu_number1 is passed to xlnx_event_handler as
argument "dev_id", but it is not used in this function. So drop the
initialization of this variable and rename it to dummy_cpu_number.
This patch is to fix the following call trace when the kernel option
CONFIG_DEBUG_ATOMIC_SLEEP is enabled:
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper/0
preempt_count: 1, expected: 0
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.0 #53
Hardware name: Xilinx Versal vmk180 Eval board rev1.1 (QSPI) (DT)
Call trace:
dump_backtrace+0xd0/0xe0
show_stack+0x18/0x40
dump_stack_lvl+0x7c/0xa0
dump_stack+0x18/0x34
__might_resched+0x10c/0x140
__might_sleep+0x4c/0xa0
__kmem_cache_alloc_node+0xf4/0x168
kmalloc_trace+0x28/0x38
__request_percpu_irq+0x74/0x138
xlnx_event_manager_probe+0xf8/0x298
platform_probe+0x68/0xd8
Security readout for executives and security teams
Plain-English summary
This CVE describes a Linux kernel bug in Xilinx SoC event manager code. The public record shows a kernel warning/crash trace during boot/probe when a debug option is enabled, not a confirmed remote attack path. Business urgency is highest for organizations running Linux on Xilinx Versal or related embedded platforms.
Executive priority
Treat this as a targeted platform reliability and kernel-maintenance issue, not as proven internet-wide exploitation. Prioritize embedded Linux assets on Xilinx hardware and rely on vendor kernel updates for closure.
Technical view
The issue is in Linux kernel soc:xilinx handling. A per-CPU variable was passed as dev_id to xlnx_event_handler but was unused. The fix removes initialization and renames it dummy_cpu_number, addressing a CONFIG_DEBUG_ATOMIC_SLEEP trace involving __request_percpu_irq during xlnx_event_manager_probe.
Likely exposure
Exposure appears concentrated in Linux systems using the Xilinx SoC event manager path, especially Versal embedded hardware. The bundle lists Linux kernel versions and stable commits, but does not provide complete distro-specific affected ranges beyond a Debian LTS advisory reference.
Exploitation context
No source in the bundle claims active exploitation, and KEV is false. The evidence describes a kernel call trace under CONFIG_DEBUG_ATOMIC_SLEEP, not a public exploit. Practical impact outside affected Xilinx platform configurations is unclear from the provided sources.
Researcher notes
The source bundle lacks CVSS, CWE, exploit evidence, and detailed affected range semantics. The clearest technical signal is the upstream stable fix and the debug call trace. Validation should focus on kernel lineage, enabled Xilinx SoC code, hardware use, and distro backports.
Mitigation direction
Check vendor kernel advisories for the exact platform and distribution.
Apply the relevant Linux stable kernel update or backported vendor fix.
Prioritize Xilinx Versal or related embedded Linux deployments.
Track Debian LTS guidance if using Debian-packaged kernels.
Avoid assuming generic server exposure without confirming the affected driver path.
Validation and detection
Inventory Linux kernel versions on Xilinx-based systems.
Check whether the Xilinx event manager driver is present and used.
Compare deployed kernels against vendor fixed versions or stable commits.
Review boot logs for xlnx_event_manager_probe or atomic sleep warnings.
Confirm distribution backport status before marking systems vulnerable.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-43851 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.