ghsa-f225-f9rp-hg69
Vulnerability from github
Published
2024-12-28 12:30
Modified
2025-01-09 18:32
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: fix recursive lock when verdict program return SK_PASS

When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9.

''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock

'''

This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch

Show details on source website

To clipboard 

{
   affected: [],
   aliases: [
      "CVE-2024-56694",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-667",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2024-12-28T10:15:15Z",
      severity: "MODERATE",
   },
   details: "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix recursive lock when verdict program return SK_PASS\n\nWhen the stream_verdict program returns SK_PASS, it places the received skb\ninto its own receive queue, but a recursive lock eventually occurs, leading\nto an operating system deadlock. This issue has been present since v6.9.\n\n'''\nsk_psock_strp_data_ready\n    write_lock_bh(&sk->sk_callback_lock)\n    strp_data_ready\n      strp_read_sock\n        read_sock -> tcp_read_sock\n          strp_recv\n            cb.rcv_msg -> sk_psock_strp_read\n              # now stream_verdict return SK_PASS without peer sock assign\n              __SK_PASS = sk_psock_map_verd(SK_PASS, NULL)\n              sk_psock_verdict_apply\n                sk_psock_skb_ingress_self\n                  sk_psock_skb_ingress_enqueue\n                    sk_psock_data_ready\n                      read_lock_bh(&sk->sk_callback_lock) <= dead lock\n\n'''\n\nThis topic has been discussed before, but it has not been fixed.\nPrevious discussion:\nhttps://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch",
   id: "GHSA-f225-f9rp-hg69",
   modified: "2025-01-09T18:32:13Z",
   published: "2024-12-28T12:30:47Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2024-56694",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/078f7e1521442a55db4bed812a2fbaf02ac33819",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/221109ba2127eabd0aa64718543638b58b15df56",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561",
      },
      {
         type: "WEB",
         url: "https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
         type: "CVSS_V3",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.