CVE-2024-56694

Summary

In the Linux kernel, the following vulnerability has been resolved:

bpf: fix recursive lock when verdict program return SK_PASS

When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9.

''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock

'''

This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc0809c128dad4c3413818384eb06a341633db973 < 221109ba2127eabd0aa64718543638b58b15df56affected
LinuxLinux5965bc7535fb87510b724e5465ccc1a1cf00916d < 6694f7acd625ed854bf6342926e771d65dad7f69affected
LinuxLinux39dc9e1442385d6e9be0b6491ee488dddd55ae27 < 386efa339e08563dd33e83bc951aea5d407fe578affected
LinuxLinuxb397a0ab8582c533ec0c6b732392f141fc364f87 < da2bc8a0c8f3ac66fdf980fc59936f851a083561affected
LinuxLinux6648e613226e18897231ab5e42ffc29e63fa3365 < 01f1b88acfd79103da0610b45471f6c88ea98d72affected
LinuxLinux6648e613226e18897231ab5e42ffc29e63fa3365 < f84c5ef6ca23cc2f72f3b830d74f67944684bb05affected
LinuxLinux6648e613226e18897231ab5e42ffc29e63fa3365 < 8ca2a1eeadf09862190b2810697702d803ceef2daffected
LinuxLinux772d5729b5ff0df0d37b32db600ce635b2172f80affected
LinuxLinux5.10.223 < 5.10.233affected
LinuxLinux5.15.159 < 5.15.174affected
LinuxLinux6.1.91 < 6.1.120affected
LinuxLinux6.6.31 < 6.6.64affected
LinuxLinux6.8.10 < 6.9affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux5.10.233 <= 5.10.*unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.64 <= 6.6.*unaffected
LinuxLinux6.11.11 <= 6.11.*unaffected
LinuxLinux6.12.2 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References