LiveActive security incident?Get immediate response
CVE Record

CVE-2024-56583: sched/deadline: Fix warning in migrate_enable for boosted tasks

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix warning in migrate_enable for boosted tasks When running the following command: while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quiet done a warning is eventually triggered: WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180 ... Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? enqueue_dl_entity+0x631/0x6e0 ? setup_new_dl_entity+0x13e/0x180 ? __warn+0x7e/0xd0 ? report_bug+0x11a/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 enqueue_dl_entity+0x631/0x6e0 enqueue_task_dl+0x7d/0x120 __do_set_cpus_allowed+0xe3/0x280 __set_cpus_allowed_ptr_locked+0x140/0x1d0 __set_cpus_allowed_ptr+0x54/0xa0 migrate_enable+0x7e/0x150 rt_spin_unlock+0x1c/0x90 group_send_sig_info+0xf7/0x1a0 ? kill_pid_info+0x1f/0x1d0 kill_pid_info+0x78/0x1d0 kill_proc_info+0x5b/0x110 __x64_sys_kill+0x93/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f0dab31f92b This warning occurs because set_cpus_allowed dequeues and enqueues tasks with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning is triggered. A boosted task already had its parameters set by rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary, hence the WARN_ON call. Check if we are requeueing a boosted task and avoid calling setup_new_dl_entity if that's the case.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This Linux kernel issue can trigger a scheduler warning when certain real-time/deadline scheduling and boosted task behavior interact. The public record does not describe data theft, privilege escalation, remote access, or active exploitation. Treat it as a kernel stability and operational-risk item until vendor advisories clarify impact.

Executive priority

Schedule remediation through normal kernel patch cycles unless your vendor assigns higher severity or affected systems support latency-critical operations. Escalate priority for production real-time workloads where kernel warnings could signal instability.

Technical view

The bug is in sched/deadline handling during migrate_enable. set_cpus_allowed requeues tasks with ENQUEUE_RESTORE; for boosted tasks, setup_new_dl_entity is called unnecessarily and hits a WARN_ON. The fix avoids setup_new_dl_entity when requeueing a boosted task.

Likely exposure

Exposure is limited to Linux systems running affected kernel versions or builds lacking the referenced stable fixes. Systems using real-time/deadline scheduling paths or workloads that exercise task migration may be more likely to encounter the warning.

Exploitation context

The bundle shows no KEV listing, no CVSS score, and no cited active exploitation. The described trigger is a local workload condition causing a kernel warning, not a documented remote attack path.

Researcher notes

The available evidence identifies a scheduler logic fix but does not provide CVSS, CWE, exploitability analysis, or downstream distro status. Validate exposure by commit inclusion, not only by upstream version numbers, because vendors may backport fixes.

Mitigation direction

  • Apply Linux kernel updates that include the referenced stable fixes.
  • Check distribution or vendor advisories for supported patched kernel packages.
  • Prioritize systems using real-time or deadline scheduling workloads.
  • Monitor kernel logs for scheduler WARN_ON events until patched.

Validation and detection

  • Inventory running Linux kernel versions across affected systems.
  • Confirm vendor kernels include the referenced stable commits or equivalent backports.
  • Review kernel logs for warnings involving setup_new_dl_entity or sched/deadline.
  • Run normal workload regression tests after kernel updates.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-56583 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux295d6d5e373607729bcc8182c25afe964655714f, 295d6d5e373607729bcc8182c25afe964655714f, 295d6d5e373607729bcc8182c25afe964655714f, fd8cb2e71cdd8e814cbdadddd0d0e6e3d49eaa2c, 4.14.70unaffected
LinuxLinux4.15, 0, 6.6.66, 6.12.5, 6.13affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.