github - ghsa-f225-f9rp-hg69

ghsa-f225-f9rp-hg69

Vulnerability from github

Published

2024-12-28 12:30

Modified

2025-11-03 21:32

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

bpf: fix recursive lock when verdict program return SK_PASS

When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9.

''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock

'''

This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-56694"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-667"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-28T10:15:15Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix recursive lock when verdict program return SK_PASS\n\nWhen the stream_verdict program returns SK_PASS, it places the received skb\ninto its own receive queue, but a recursive lock eventually occurs, leading\nto an operating system deadlock. This issue has been present since v6.9.\n\n\u0027\u0027\u0027\nsk_psock_strp_data_ready\n    write_lock_bh(\u0026sk-\u003esk_callback_lock)\n    strp_data_ready\n      strp_read_sock\n        read_sock -\u003e tcp_read_sock\n          strp_recv\n            cb.rcv_msg -\u003e sk_psock_strp_read\n              # now stream_verdict return SK_PASS without peer sock assign\n              __SK_PASS = sk_psock_map_verd(SK_PASS, NULL)\n              sk_psock_verdict_apply\n                sk_psock_skb_ingress_self\n                  sk_psock_skb_ingress_enqueue\n                    sk_psock_data_ready\n                      read_lock_bh(\u0026sk-\u003esk_callback_lock) \u003c= dead lock\n\n\u0027\u0027\u0027\n\nThis topic has been discussed before, but it has not been fixed.\nPrevious discussion:\nhttps://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch",
  "id": "GHSA-f225-f9rp-hg69",
  "modified": "2025-11-03T21:32:01Z",
  "published": "2024-12-28T12:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56694"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/078f7e1521442a55db4bed812a2fbaf02ac33819"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/221109ba2127eabd0aa64718543638b58b15df56"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-56694 (GCVE-0-2024-56694)

Vulnerability from cvelistv5

Published

2024-12-28 09:46

Modified

2025-11-03 20:52

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9. ''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock ''' This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch

References

URL

Tags

	https://git.kernel.org/stable/c/221109ba2127eabd0aa64718543638b58b15df56
	https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69
	https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578
	https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561
	https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72
	https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05
	https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d

Impacted products

Vendor

Product

Version

Linux

Version: c0809c128dad4c3413818384eb06a341633db973
Version: 5965bc7535fb87510b724e5465ccc1a1cf00916d
Version: 39dc9e1442385d6e9be0b6491ee488dddd55ae27
Version: b397a0ab8582c533ec0c6b732392f141fc364f87
Version: 6648e613226e18897231ab5e42ffc29e63fa3365
Version: 6648e613226e18897231ab5e42ffc29e63fa3365
Version: 6648e613226e18897231ab5e42ffc29e63fa3365
Version: 772d5729b5ff0df0d37b32db600ce635b2172f80

Linux

Version: 6.9

Show details on NVD website