ghsa-f225-f9rp-hg69
Vulnerability from github
Published
2024-12-28 12:30
Modified
2025-01-09 18:32
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: fix recursive lock when verdict program return SK_PASS

When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9.

''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock

'''

This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-56694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-28T10:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix recursive lock when verdict program return SK_PASS\n\nWhen the stream_verdict program returns SK_PASS, it places the received skb\ninto its own receive queue, but a recursive lock eventually occurs, leading\nto an operating system deadlock. This issue has been present since v6.9.\n\n\u0027\u0027\u0027\nsk_psock_strp_data_ready\n    write_lock_bh(\u0026sk-\u003esk_callback_lock)\n    strp_data_ready\n      strp_read_sock\n        read_sock -\u003e tcp_read_sock\n          strp_recv\n            cb.rcv_msg -\u003e sk_psock_strp_read\n              # now stream_verdict return SK_PASS without peer sock assign\n              __SK_PASS = sk_psock_map_verd(SK_PASS, NULL)\n              sk_psock_verdict_apply\n                sk_psock_skb_ingress_self\n                  sk_psock_skb_ingress_enqueue\n                    sk_psock_data_ready\n                      read_lock_bh(\u0026sk-\u003esk_callback_lock) \u003c= dead lock\n\n\u0027\u0027\u0027\n\nThis topic has been discussed before, but it has not been fixed.\nPrevious discussion:\nhttps://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch",
  "id": "GHSA-f225-f9rp-hg69",
  "modified": "2025-01-09T18:32:13Z",
  "published": "2024-12-28T12:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56694"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/078f7e1521442a55db4bed812a2fbaf02ac33819"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/221109ba2127eabd0aa64718543638b58b15df56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.