CVE-2024-56694 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9. ''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock ''' This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72
https://git.kernel.org/stable/c/078f7e1521442a55db4bed812a2fbaf02ac33819
https://git.kernel.org/stable/c/221109ba2127eabd0aa64718543638b58b15df56
https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578
https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69
https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d
https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561
https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05
https://lore.kernel.org/linux-cve-announce/2024122835-CVE-2024-56694-c701@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-56694
https://www.cve.org/CVERecord?id=CVE-2024-56694

History

Thu, 09 Jan 2025 15:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/078f7e1521442a55db4bed812a2fbaf02ac33819 https://git.kernel.org/stable/c/221109ba2127eabd0aa64718543638b58b15df56

Wed, 08 Jan 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-667
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Mon, 30 Dec 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024122835-CVE-2024-56694-c701@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-56694 https://www.cve.org/CVERecord?id=CVE-2024-56694
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Sat, 28 Dec 2024 10:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9. ''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock ''' This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch
Title		bpf: fix recursive lock when verdict program return SK_PASS
References		https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72 https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578 https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69 https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561 https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-28T09:46:18.826Z

Updated: 2025-01-09T15:35:52.606Z

Reserved: 2024-12-27T15:00:39.849Z

Link: CVE-2024-56694

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-12-28T10:15:15.203

Modified: 2025-01-09T16:16:23.053

Link: CVE-2024-56694

Redhat

Severity : Low

Publid Date: 2024-12-28T00:00:00Z

Links: CVE-2024-56694 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object