CVE-2024-38589 (GCVE-0-2024-38589)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:45 – Updated: 2026-05-12 11:54
VLAI
EPSS
VEX
Title
netrom: fix possible dead-lock in nr_rt_ioctl()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netrom: fix possible dead-lock in nr_rt_ioctl()
syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]
Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)
[1]
WARNING: possible circular locking dependency detected
6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
------------------------------------------------------
syz-executor350/5129 is trying to acquire lock:
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
but task is already holding lock:
ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (nr_node_list_lock){+...}-{2:2}:
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
nr_remove_node net/netrom/nr_route.c:299 [inline]
nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
-> #0 (&nr_node->node_lock){+...}-{2:2}:
check_prev_add kernel/locking/lockdep.c:3134 [inline]
check_prevs_add kernel/locking/lockdep.c:3253 [inline]
validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
nr_node_lock include/net/netrom.h:152 [inline]
nr_dec_obs net/netrom/nr_route.c:464 [inline]
nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:904 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(nr_node_list_lock);
lock(&nr_node->node_lock);
lock(nr_node_list_lock);
lock(&nr_node->node_lock);
*** DEADLOCK ***
1 lock held by syz-executor350/5129:
#0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
#0: ffffffff8f70
---truncated---
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
12 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b9d663fbf74290cb68fbc66ae4367bd56837ad1d
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1fbfb483c1a290dce3f41f52d45cc46dd88b7691 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b117e5b4f27c2c9076561b6be450a9619f0b79de (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 421c50fa81836775bf0fd6ce0e57a6eb27af24d5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5bc50a705cfac8f64ce51c95611c3dd0554ef9c3 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.19.316 , ≤ 4.19.* (semver) Unaffected: 5.4.278 , ≤ 5.4.* (semver) Unaffected: 5.10.219 , ≤ 5.10.* (semver) Unaffected: 5.15.161 , ≤ 5.15.* (semver) Unaffected: 6.1.93 , ≤ 6.1.* (semver) Unaffected: 6.6.33 , ≤ 6.6.* (semver) Unaffected: 6.8.12 , ≤ 6.8.* (semver) Unaffected: 6.9.3 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family |
Unaffected:
0 , < *
(custom)
|
|
| Siemens | SCALANCE XCM-/XRM-/XCH-/XRH-300 family |
Affected:
0 , < V3.1
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:21:39.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:46.964501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:54.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:54:47.272Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netrom/nr_route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b9d663fbf74290cb68fbc66ae4367bd56837ad1d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1fbfb483c1a290dce3f41f52d45cc46dd88b7691",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b117e5b4f27c2c9076561b6be450a9619f0b79de",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "421c50fa81836775bf0fd6ce0e57a6eb27af24d5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5bc50a705cfac8f64ce51c95611c3dd0554ef9c3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netrom/nr_route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (nr_node_list_lock){+...}-{2:2}:\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_remove_node net/netrom/nr_route.c:299 [inline]\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-\u003e #0 (\u0026nr_node-\u003enode_lock){+...}-{2:2}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n spin_lock_bh include/linux/spinlock.h:356 [inline]\n nr_node_lock include/net/netrom.h:152 [inline]\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:904 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(nr_node_list_lock);\n lock(\u0026nr_node-\u003enode_lock);\n lock(nr_node_list_lock);\n lock(\u0026nr_node-\u003enode_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n #0: ffffffff8f70\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:19:38.826Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d"
},
{
"url": "https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691"
},
{
"url": "https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de"
},
{
"url": "https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5"
},
{
"url": "https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7"
},
{
"url": "https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8"
},
{
"url": "https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5"
},
{
"url": "https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3"
},
{
"url": "https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6"
}
],
"title": "netrom: fix possible dead-lock in nr_rt_ioctl()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38589",
"datePublished": "2024-06-19T13:45:41.258Z",
"dateReserved": "2024-06-18T19:36:34.930Z",
"dateUpdated": "2026-05-12T11:54:47.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-38589",
"date": "2026-07-13",
"epss": "0.00195",
"percentile": "0.09302"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.6.12\", \"versionEndExcluding\": \"4.19.316\", \"matchCriteriaId\": \"E119EFEF-0E26-41C9-B9A8-A07B90C45CDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.20\", \"versionEndExcluding\": \"5.4.278\", \"matchCriteriaId\": \"7FDBF235-DA18-49A1-8690-6C7272FD0701\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.10.219\", \"matchCriteriaId\": \"E9063AF3-D593-43B7-810D-58B87F82F9F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.15.161\", \"matchCriteriaId\": \"31130639-53FE-4726-8986-434EE2528CB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"6.1.93\", \"matchCriteriaId\": \"EEFB78EE-F990-4197-BF1C-156760A55667\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2\", \"versionEndExcluding\": \"6.6.33\", \"matchCriteriaId\": \"FCE796DF-3B50-4DC6-BAE5-95271068FC9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.8.12\", \"matchCriteriaId\": \"80550309-67AB-4FD1-AC07-3DED5C4F01B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.9\", \"versionEndExcluding\": \"6.9.3\", \"matchCriteriaId\": \"E07124C1-19E8-4D21-828D-9932A01D3011\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetrom: fix possible dead-lock in nr_rt_ioctl()\\n\\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\\n\\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\\n\\n[1]\\nWARNING: possible circular locking dependency detected\\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\\n------------------------------------------------------\\nsyz-executor350/5129 is trying to acquire lock:\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\\n\\nbut task is already holding lock:\\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\\n\\nwhich lock already depends on the new lock.\\n\\nthe existing dependency chain (in reverse order) is:\\n\\n-\u003e #1 (nr_node_list_lock){+...}-{2:2}:\\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\\n spin_lock_bh include/linux/spinlock.h:356 [inline]\\n nr_remove_node net/netrom/nr_route.c:299 [inline]\\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\\n vfs_ioctl fs/ioctl.c:51 [inline]\\n __do_sys_ioctl fs/ioctl.c:904 [inline]\\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n\\n-\u003e #0 (\u0026nr_node-\u003enode_lock){+...}-{2:2}:\\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\\n spin_lock_bh include/linux/spinlock.h:356 [inline]\\n nr_node_lock include/net/netrom.h:152 [inline]\\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\\n vfs_ioctl fs/ioctl.c:51 [inline]\\n __do_sys_ioctl fs/ioctl.c:904 [inline]\\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n\\nother info that might help us debug this:\\n\\n Possible unsafe locking scenario:\\n\\n CPU0 CPU1\\n ---- ----\\n lock(nr_node_list_lock);\\n lock(\u0026nr_node-\u003enode_lock);\\n lock(nr_node_list_lock);\\n lock(\u0026nr_node-\u003enode_lock);\\n\\n *** DEADLOCK ***\\n\\n1 lock held by syz-executor350/5129:\\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\\n #0: ffffffff8f70\\n---truncated---\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se resolvi\\u00f3 la siguiente vulnerabilidad: netrom: solucion\\u00f3 un posible bloqueo en nr_rt_ioctl() syzbot ama netrom y encontr\\u00f3 un posible bloqueo en nr_rt_ioctl [1] Aseg\\u00farese de adquirir siempre nr_node_list_lock antes de nr_node_lock(nr_node) [1 ] ADVERTENCIA: se detect\\u00f3 posible dependencia de bloqueo circular 6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 No contaminado --------------------- --------------------- syz-executor350/5129 est\\u00e1 intentando adquirir el bloqueo: ffff8880186e2070 (\u0026amp;nr_node-\u0026gt;node_lock){+... }-{2:2}, en: spin_lock_bh include/linux/spinlock.h:356 [en l\\u00ednea] ffff8880186e2070 (\u0026amp;nr_node-\u0026gt;node_lock){+...}-{2:2}, en: nr_node_lock include/net/ netrom.h:152 [en l\\u00ednea] ffff8880186e2070 (\u0026amp;nr_node-\u0026gt;node_lock){+...}-{2:2}, en: nr_dec_obs net/netrom/nr_route.c:464 [en l\\u00ednea] ffff8880186e2070 (\u0026amp;nr_node-\u0026gt;node_lock) {+...}-{2:2}, en: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697 pero la tarea ya est\\u00e1 bloqueada: fffffffff8f7053b8 (nr_node_list_lock){+...}-{2: 2}, en: spin_lock_bh include/linux/spinlock.h:356 [en l\\u00ednea] fffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, en: nr_dec_obs net/netrom/nr_route.c:462 [en l\\u00ednea] ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, en: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697 cuyo bloqueo ya depende del nuevo bloqueo. la cadena de dependencia existente (en orden inverso) es: -\u0026gt; #1 (nr_node_list_lock){+...}-{2:2}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/ spinlock_api_smp.h:126 [en l\\u00ednea] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [en l\\u00ednea] nr_remove_node net/netrom/nr_route.c:299 [en l\\u00ednea] nr_del_node+ 0x4b4/0x820 net/netrom/nr_route.c:355 nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683 sock_do_ioctl+0x158/0x460 net/socket.c:1222 sock_ioctl+0x629/0x8e0 net/socket.c:13 41 vfs_ioctl fs/ioctl.c:51 [en l\\u00ednea] __do_sys_ioctl fs/ioctl.c:904 [en l\\u00ednea] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [en l\\u00ednea] do_syscall_64 +0xf5/0x240 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f -\u0026gt; #0 (\u0026amp;nr_node-\u0026gt;node_lock){+...}-{2:2}: check_prev_add kernel/locking/lockdep. c:3134 [en l\\u00ednea] check_prevs_add kernel/locking/lockdep.c:3253 [en l\\u00ednea] validar_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1ed /0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [en l\\u00ednea] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [en l\\u00ednea ] nr_node_lock include/net/netrom.h:152 [en l\\u00ednea] nr_dec_obs net/netrom/nr_route.c:464 [en l\\u00ednea] nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697 sock_do_ioctl+0x158/0x460 net/socket. c:1222 sock_ioctl+0x629/0x8e0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [en l\\u00ednea] __do_sys_ioctl fs/ioctl.c:904 [en l\\u00ednea] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890 llamada_x64 arch/x86/entry/common.c:52 [en l\\u00ednea] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f otra informaci\\u00f3n que podr\\u00eda ayudarnos a depurar esto: Posible escenario de bloqueo inseguro: CPU0 CPU1 ---- ---- bloqueo(nr_node_list_lock); bloquear(\u0026amp;nr_nodo-\u0026gt;nodo_lock); bloquear(nr_node_list_lock); bloquear(\u0026amp;nr_nodo-\u0026gt;nodo_lock); *** DEADLOCK *** 1 bloqueo retenido por syz-executor350/5129: #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, en: spin_lock_bh include/linux/spinlock.h:356 [ en l\\u00ednea] #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, en: nr_dec_obs net/netrom/nr_route.c:462 [en l\\u00ednea] #0: ffffffff8f70 ---truncado---\"}]",
"id": "CVE-2024-38589",
"lastModified": "2025-01-10T18:18:16.900",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
"published": "2024-06-19T14:15:19.000",
"references": "[{\"url\": \"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-667\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-38589\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-19T14:15:19.000\",\"lastModified\":\"2026-06-17T07:40:39.383\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetrom: fix possible dead-lock in nr_rt_ioctl()\\n\\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\\n\\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\\n\\n[1]\\nWARNING: possible circular locking dependency detected\\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\\n------------------------------------------------------\\nsyz-executor350/5129 is trying to acquire lock:\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\\n\\nbut task is already holding lock:\\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\\n\\nwhich lock already depends on the new lock.\\n\\nthe existing dependency chain (in reverse order) is:\\n\\n-\u003e #1 (nr_node_list_lock){+...}-{2:2}:\\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\\n spin_lock_bh include/linux/spinlock.h:356 [inline]\\n nr_remove_node net/netrom/nr_route.c:299 [inline]\\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\\n vfs_ioctl fs/ioctl.c:51 [inline]\\n __do_sys_ioctl fs/ioctl.c:904 [inline]\\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n\\n-\u003e #0 (\u0026nr_node-\u003enode_lock){+...}-{2:2}:\\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\\n spin_lock_bh include/linux/spinlock.h:356 [inline]\\n nr_node_lock include/net/netrom.h:152 [inline]\\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\\n vfs_ioctl fs/ioctl.c:51 [inline]\\n __do_sys_ioctl fs/ioctl.c:904 [inline]\\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n\\nother info that might help us debug this:\\n\\n Possible unsafe locking scenario:\\n\\n CPU0 CPU1\\n ---- ----\\n lock(nr_node_list_lock);\\n lock(\u0026nr_node-\u003enode_lock);\\n lock(nr_node_list_lock);\\n lock(\u0026nr_node-\u003enode_lock);\\n\\n *** DEADLOCK ***\\n\\n1 lock held by syz-executor350/5129:\\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\\n #0: ffffffff8f70\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netrom: solucion\u00f3 un posible bloqueo en nr_rt_ioctl() syzbot ama netrom y encontr\u00f3 un posible bloqueo en nr_rt_ioctl [1] Aseg\u00farese de adquirir siempre nr_node_list_lock antes de nr_node_lock(nr_node) [1 ] ADVERTENCIA: se detect\u00f3 posible dependencia de bloqueo circular 6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 No contaminado --------------------- --------------------- syz-executor350/5129 est\u00e1 intentando adquirir el bloqueo: ffff8880186e2070 (\u0026amp;nr_node-\u0026gt;node_lock){+... }-{2:2}, en: spin_lock_bh include/linux/spinlock.h:356 [en l\u00ednea] ffff8880186e2070 (\u0026amp;nr_node-\u0026gt;node_lock){+...}-{2:2}, en: nr_node_lock include/net/ netrom.h:152 [en l\u00ednea] ffff8880186e2070 (\u0026amp;nr_node-\u0026gt;node_lock){+...}-{2:2}, en: nr_dec_obs net/netrom/nr_route.c:464 [en l\u00ednea] ffff8880186e2070 (\u0026amp;nr_node-\u0026gt;node_lock) {+...}-{2:2}, en: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697 pero la tarea ya est\u00e1 bloqueada: fffffffff8f7053b8 (nr_node_list_lock){+...}-{2: 2}, en: spin_lock_bh include/linux/spinlock.h:356 [en l\u00ednea] fffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, en: nr_dec_obs net/netrom/nr_route.c:462 [en l\u00ednea] ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, en: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697 cuyo bloqueo ya depende del nuevo bloqueo. la cadena de dependencia existente (en orden inverso) es: -\u0026gt; #1 (nr_node_list_lock){+...}-{2:2}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/ spinlock_api_smp.h:126 [en l\u00ednea] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [en l\u00ednea] nr_remove_node net/netrom/nr_route.c:299 [en l\u00ednea] nr_del_node+ 0x4b4/0x820 net/netrom/nr_route.c:355 nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683 sock_do_ioctl+0x158/0x460 net/socket.c:1222 sock_ioctl+0x629/0x8e0 net/socket.c:13 41 vfs_ioctl fs/ioctl.c:51 [en l\u00ednea] __do_sys_ioctl fs/ioctl.c:904 [en l\u00ednea] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64 +0xf5/0x240 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f -\u0026gt; #0 (\u0026amp;nr_node-\u0026gt;node_lock){+...}-{2:2}: check_prev_add kernel/locking/lockdep. c:3134 [en l\u00ednea] check_prevs_add kernel/locking/lockdep.c:3253 [en l\u00ednea] validar_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 lock_acquire+0x1ed /0x550 kernel/locking/lockdep.c:5754 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [en l\u00ednea] _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [en l\u00ednea ] nr_node_lock include/net/netrom.h:152 [en l\u00ednea] nr_dec_obs net/netrom/nr_route.c:464 [en l\u00ednea] nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697 sock_do_ioctl+0x158/0x460 net/socket. c:1222 sock_ioctl+0x629/0x8e0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [en l\u00ednea] __do_sys_ioctl fs/ioctl.c:904 [en l\u00ednea] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890 llamada_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x77/0x7f otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: Posible escenario de bloqueo inseguro: CPU0 CPU1 ---- ---- bloqueo(nr_node_list_lock); bloquear(\u0026amp;nr_nodo-\u0026gt;nodo_lock); bloquear(nr_node_list_lock); bloquear(\u0026amp;nr_nodo-\u0026gt;nodo_lock); *** DEADLOCK *** 1 bloqueo retenido por syz-executor350/5129: #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, en: spin_lock_bh include/linux/spinlock.h:356 [ en l\u00ednea] #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, en: nr_dec_obs net/netrom/nr_route.c:462 [en l\u00ednea] #0: ffffffff8f70 ---truncado---\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"net/netrom/nr_route.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"b9d663fbf74290cb68fbc66ae4367bd56837ad1d\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"1fbfb483c1a290dce3f41f52d45cc46dd88b7691\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"b117e5b4f27c2c9076561b6be450a9619f0b79de\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"421c50fa81836775bf0fd6ce0e57a6eb27af24d5\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"5bc50a705cfac8f64ce51c95611c3dd0554ef9c3\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"net/netrom/nr_route.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"2.6.12\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"2.6.12\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"4.19.316\",\"lessThanOrEqual\":\"4.19.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.4.278\",\"lessThanOrEqual\":\"5.4.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.219\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.161\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.93\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.33\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.8.12\",\"lessThanOrEqual\":\"6.8.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.9.3\",\"lessThanOrEqual\":\"6.9.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.10\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"RUGGEDCOM RST2428P\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"unaffected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SCALANCE XCM-/XRM-/XCH-/XRH-300 family\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V3.1\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-09-10T17:13:46.964501Z\",\"id\":\"CVE-2024-38589\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.12\",\"versionEndExcluding\":\"4.19.316\",\"matchCriteriaId\":\"E119EFEF-0E26-41C9-B9A8-A07B90C45CDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.278\",\"matchCriteriaId\":\"7FDBF235-DA18-49A1-8690-6C7272FD0701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.219\",\"matchCriteriaId\":\"E9063AF3-D593-43B7-810D-58B87F82F9F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.161\",\"matchCriteriaId\":\"31130639-53FE-4726-8986-434EE2528CB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.93\",\"matchCriteriaId\":\"EEFB78EE-F990-4197-BF1C-156760A55667\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.33\",\"matchCriteriaId\":\"FCE796DF-3B50-4DC6-BAE5-95271068FC9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.8.12\",\"matchCriteriaId\":\"80550309-67AB-4FD1-AC07-3DED5C4F01B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.3\",\"matchCriteriaId\":\"E07124C1-19E8-4D21-828D-9932A01D3011\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-265688.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-613116.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"redhat_vex": {
"aggregate_severity": "Low",
"current_release_date": "2025-11-21T14:04:02+00:00",
"cve": "CVE-2024-38589",
"id": "CVE-2024-38589",
"initial_release_date": "2024-06-19T00:00:00+00:00",
"product_status:known_affected": "58",
"product_status:known_not_affected": "140",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "kernel: netrom: fix possible dead-lock in nr_rt_ioctl()",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38589.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T17:21:39.426Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38589\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T17:13:46.964501Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:26.803Z\"}}], \"cna\": {\"title\": \"netrom: fix possible dead-lock in nr_rt_ioctl()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"b9d663fbf74290cb68fbc66ae4367bd56837ad1d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"1fbfb483c1a290dce3f41f52d45cc46dd88b7691\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"b117e5b4f27c2c9076561b6be450a9619f0b79de\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"421c50fa81836775bf0fd6ce0e57a6eb27af24d5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"5bc50a705cfac8f64ce51c95611c3dd0554ef9c3\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\", \"lessThan\": \"e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6\", \"versionType\": \"git\"}], \"programFiles\": [\"net/netrom/nr_route.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.12\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.12\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.316\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.278\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.219\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.161\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.93\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.33\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8.12\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.8.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.9.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/netrom/nr_route.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d\"}, {\"url\": \"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691\"}, {\"url\": \"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de\"}, {\"url\": \"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5\"}, {\"url\": \"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7\"}, {\"url\": \"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8\"}, {\"url\": \"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5\"}, {\"url\": \"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3\"}, {\"url\": \"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetrom: fix possible dead-lock in nr_rt_ioctl()\\n\\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\\n\\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\\n\\n[1]\\nWARNING: possible circular locking dependency detected\\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\\n------------------------------------------------------\\nsyz-executor350/5129 is trying to acquire lock:\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\\n ffff8880186e2070 (\u0026nr_node-\u003enode_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\\n\\nbut task is already holding lock:\\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\\n\\nwhich lock already depends on the new lock.\\n\\nthe existing dependency chain (in reverse order) is:\\n\\n-\u003e #1 (nr_node_list_lock){+...}-{2:2}:\\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\\n spin_lock_bh include/linux/spinlock.h:356 [inline]\\n nr_remove_node net/netrom/nr_route.c:299 [inline]\\n nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\\n nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\\n vfs_ioctl fs/ioctl.c:51 [inline]\\n __do_sys_ioctl fs/ioctl.c:904 [inline]\\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n\\n-\u003e #0 (\u0026nr_node-\u003enode_lock){+...}-{2:2}:\\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\\n validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\\n __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\\n lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\\n __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\\n _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\\n spin_lock_bh include/linux/spinlock.h:356 [inline]\\n nr_node_lock include/net/netrom.h:152 [inline]\\n nr_dec_obs net/netrom/nr_route.c:464 [inline]\\n nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\\n vfs_ioctl fs/ioctl.c:51 [inline]\\n __do_sys_ioctl fs/ioctl.c:904 [inline]\\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\\n\\nother info that might help us debug this:\\n\\n Possible unsafe locking scenario:\\n\\n CPU0 CPU1\\n ---- ----\\n lock(nr_node_list_lock);\\n lock(\u0026nr_node-\u003enode_lock);\\n lock(nr_node_list_lock);\\n lock(\u0026nr_node-\u003enode_lock);\\n\\n *** DEADLOCK ***\\n\\n1 lock held by syz-executor350/5129:\\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\\n #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\\n #0: ffffffff8f70\\n---truncated---\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.316\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.278\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.219\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.161\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.93\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.33\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8.12\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9.3\", \"versionStartIncluding\": \"2.6.12\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.10\", \"versionStartIncluding\": \"2.6.12\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T09:14:45.628Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-38589\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T17:21:39.426Z\", \"dateReserved\": \"2024-06-18T19:36:34.930Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-06-19T13:45:41.258Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…