CVE-2024-56583: sched/deadline: Fix warning in migrate_enable for boosted tasks
In the Linux kernel, the following vulnerability has been resolved:
sched/deadline: Fix warning in migrate_enable for boosted tasks
When running the following command:
while true; do
stress-ng --cyclic 30 --timeout 30s --minimize --quiet
done
a warning is eventually triggered:
WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794
setup_new_dl_entity+0x13e/0x180
...
Call Trace:
<TASK>
? show_trace_log_lvl+0x1c4/0x2df
? enqueue_dl_entity+0x631/0x6e0
? setup_new_dl_entity+0x13e/0x180
? __warn+0x7e/0xd0
? report_bug+0x11a/0x1a0
? handle_bug+0x3c/0x70
? exc_invalid_op+0x14/0x70
? asm_exc_invalid_op+0x16/0x20
enqueue_dl_entity+0x631/0x6e0
enqueue_task_dl+0x7d/0x120
__do_set_cpus_allowed+0xe3/0x280
__set_cpus_allowed_ptr_locked+0x140/0x1d0
__set_cpus_allowed_ptr+0x54/0xa0
migrate_enable+0x7e/0x150
rt_spin_unlock+0x1c/0x90
group_send_sig_info+0xf7/0x1a0
? kill_pid_info+0x1f/0x1d0
kill_pid_info+0x78/0x1d0
kill_proc_info+0x5b/0x110
__x64_sys_kill+0x93/0xc0
do_syscall_64+0x5c/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
RIP: 0033:0x7f0dab31f92b
This warning occurs because set_cpus_allowed dequeues and enqueues tasks
with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning
is triggered. A boosted task already had its parameters set by
rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary,
hence the WARN_ON call.
Check if we are requeueing a boosted task and avoid calling
setup_new_dl_entity if that's the case.
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue can trigger a scheduler warning when certain real-time/deadline scheduling and boosted task behavior interact. The public record does not describe data theft, privilege escalation, remote access, or active exploitation. Treat it as a kernel stability and operational-risk item until vendor advisories clarify impact.
Executive priority
Schedule remediation through normal kernel patch cycles unless your vendor assigns higher severity or affected systems support latency-critical operations. Escalate priority for production real-time workloads where kernel warnings could signal instability.
Technical view
The bug is in sched/deadline handling during migrate_enable. set_cpus_allowed requeues tasks with ENQUEUE_RESTORE; for boosted tasks, setup_new_dl_entity is called unnecessarily and hits a WARN_ON. The fix avoids setup_new_dl_entity when requeueing a boosted task.
Likely exposure
Exposure is limited to Linux systems running affected kernel versions or builds lacking the referenced stable fixes. Systems using real-time/deadline scheduling paths or workloads that exercise task migration may be more likely to encounter the warning.
Exploitation context
The bundle shows no KEV listing, no CVSS score, and no cited active exploitation. The described trigger is a local workload condition causing a kernel warning, not a documented remote attack path.
Researcher notes
The available evidence identifies a scheduler logic fix but does not provide CVSS, CWE, exploitability analysis, or downstream distro status. Validate exposure by commit inclusion, not only by upstream version numbers, because vendors may backport fixes.
Mitigation direction
Apply Linux kernel updates that include the referenced stable fixes.
Check distribution or vendor advisories for supported patched kernel packages.
Prioritize systems using real-time or deadline scheduling workloads.
Monitor kernel logs for scheduler WARN_ON events until patched.
Validation and detection
Inventory running Linux kernel versions across affected systems.
Confirm vendor kernels include the referenced stable commits or equivalent backports.
Review kernel logs for warnings involving setup_new_dl_entity or sched/deadline.
Run normal workload regression tests after kernel updates.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-56583 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
4Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Dec 27, 2024, 14:50 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.