GHSA-cj8f-58h8-h475
Vulnerability from GitHub
Published: 2025-10-22 15:31
Modified: 2025-10-22 15:31
Details

In the Linux kernel, the following vulnerability has been resolved:

netlink: fix potential deadlock in netlink_set_err()

syzbot reported a possible deadlock in netlink_set_err() [1]

A similar issue was fixed in commit 1d482e666b8e ("netlink: disable IRQs for netlink_lock_table()") in netlink_lock_table()

This patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump() which were not covered by cited commit.

[1]

WARNING: possible irq lock inversion dependency detected
6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted

syz-executor.2/23011 just changed the state of lock:
ffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612
but this lock was taken by another, SOFTIRQ-safe lock in the past:
 (&local->queue_stop_reason_lock){..-.}-{2:2}

and interrupts could create inverse lock ordering between them.

other info that might help us debug this:
 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(nl_table_lock);
                               local_irq_disable();
                               lock(&local->queue_stop_reason_lock);
                               lock(nl_table_lock);
  <Interrupt>
    lock(&local->queue_stop_reason_lock);

 *** DEADLOCK ***



{
  "affected": [],
  "aliases": [
    "CVE-2023-53731"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-22T14:15:48Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: fix potential deadlock in netlink_set_err()\n\nsyzbot reported a possible deadlock in netlink_set_err() [1]\n\nA similar issue was fixed in commit 1d482e666b8e (\"netlink: disable IRQs\nfor netlink_lock_table()\") in netlink_lock_table()\n\nThis patch adds IRQ safety to netlink_set_err() and __netlink_diag_dump()\nwhich were not covered by cited commit.\n\n[1]\n\nWARNING: possible irq lock inversion dependency detected\n6.4.0-rc6-syzkaller-00240-g4e9f0ec38852 #0 Not tainted\n\nsyz-executor.2/23011 just changed the state of lock:\nffffffff8e1a7a58 (nl_table_lock){.+.?}-{2:2}, at: netlink_set_err+0x2e/0x3a0 net/netlink/af_netlink.c:1612\nbut this lock was taken by another, SOFTIRQ-safe lock in the past:\n (\u0026local-\u003equeue_stop_reason_lock){..-.}-{2:2}\n\nand interrupts could create inverse lock ordering between them.\n\nother info that might help us debug this:\n Possible interrupt unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(nl_table_lock);\n                               local_irq_disable();\n                               lock(\u0026local-\u003equeue_stop_reason_lock);\n                               lock(nl_table_lock);\n  \u003cInterrupt\u003e\n    lock(\u0026local-\u003equeue_stop_reason_lock);\n\n *** DEADLOCK ***",
  "id": "GHSA-cj8f-58h8-h475",
  "modified": "2025-10-22T15:31:12Z",
  "published": "2025-10-22T15:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53731"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1556ba034b95cfd4f75ea93c1a2679ae0444bba1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b9adb8d4a62ff7608d4a7d4eb42036a88f30980"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/61ffe8b1ee084e5c82a4e4bbf9e7b68e0c06e464"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8d61f926d42045961e6b65191c09e3678d86a9cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8f6652ed2ad98fe6d13b903483d9257762ab2ec6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a641240b7e071c5538dc0e7894ece833fce459dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c09e8e3f7fd432984bf5422302b093d2371dfc48"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cde7b90e0539a3b11da377e463dfd2288a162dbf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb8e27c8fa9397b4a7b181c48fa58157dbe9902e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

