{"id":"CVE-2024-39508","summary":"io_uring/io-wq: Use set_bit() and test_bit() at worker-\u003eflags","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker-\u003eflags\n\nUtilize set_bit() and test_bit() on worker-\u003eflags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker-\u003eflags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\u003csnip\u003e\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\u003csnip\u003e\n\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure.","modified":"2026-04-02T12:17:03.857732Z","published":"2024-07-12T12:20:39.607Z","related":["SUSE-SU-2024:2894-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:3194-1","SUSE-SU-2024:3195-1","SUSE-SU-2024:3383-1","SUSE-SU-2025:20044-1","SUSE-SU-2025:20047-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39508.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1cbb0affb15470a9621267fe0a8568007553a4bf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8a565304927fbd28c9f028c492b5c1714002cbab"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39508.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39508"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"2b188cc1bb857a9d4701ae59aa7768b5124e262e"},{"fixed":"ab702c3483db9046bab9f40306f1a28b22dbbdc0"},{"fixed":"1cbb0affb15470a9621267fe0a8568007553a4bf"},{"fixed":"8a565304927fbd28c9f028c492b5c1714002cbab"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39508.json"}}],"schema_version":"1.7.5"}