We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-56694

bpf: fix recursive lock when verdict program return SK_PASS



Description

In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9. ''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock ''' This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch

Reserved 2024-12-27 | Published 2024-12-28 | Updated 2025-01-20 | Assigner Linux

Product status

Default status
unaffected

6648e613226e18897231ab5e42ffc29e63fa3365 before 078f7e1521442a55db4bed812a2fbaf02ac33819
affected

c0809c128dad4c3413818384eb06a341633db973 before 221109ba2127eabd0aa64718543638b58b15df56
affected

5965bc7535fb87510b724e5465ccc1a1cf00916d before 6694f7acd625ed854bf6342926e771d65dad7f69
affected

39dc9e1442385d6e9be0b6491ee488dddd55ae27 before 386efa339e08563dd33e83bc951aea5d407fe578
affected

b397a0ab8582c533ec0c6b732392f141fc364f87 before da2bc8a0c8f3ac66fdf980fc59936f851a083561
affected

6648e613226e18897231ab5e42ffc29e63fa3365 before 01f1b88acfd79103da0610b45471f6c88ea98d72
affected

6648e613226e18897231ab5e42ffc29e63fa3365 before f84c5ef6ca23cc2f72f3b830d74f67944684bb05
affected

6648e613226e18897231ab5e42ffc29e63fa3365 before 8ca2a1eeadf09862190b2810697702d803ceef2d
affected

Default status
affected

6.9
affected

Any version before 6.9
unaffected

5.4.289
unaffected

5.10.233
unaffected

5.15.174
unaffected

6.1.120
unaffected

6.6.64
unaffected

6.11.11
unaffected

6.12.2
unaffected

6.13
unaffected

References

git.kernel.org/...c/078f7e1521442a55db4bed812a2fbaf02ac33819

git.kernel.org/...c/221109ba2127eabd0aa64718543638b58b15df56

git.kernel.org/...c/6694f7acd625ed854bf6342926e771d65dad7f69

git.kernel.org/...c/386efa339e08563dd33e83bc951aea5d407fe578

git.kernel.org/...c/da2bc8a0c8f3ac66fdf980fc59936f851a083561

git.kernel.org/...c/01f1b88acfd79103da0610b45471f6c88ea98d72

git.kernel.org/...c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05

git.kernel.org/...c/8ca2a1eeadf09862190b2810697702d803ceef2d

cve.org (CVE-2024-56694)

nvd.nist.gov (CVE-2024-56694)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-56694

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.