Release Date: | 2024-05-01 |
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Prevent deadlock while disabling aRFS

When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are canceled using the `cancel_work_sync` function, which waits for the work to end if it has already started. However, while waiting for the work handler, the handler will try to acquire the `state_lock` which is already acquired.

The worker acquires the lock to delete the rules if the state is down, which is not the worker's responsibility since disabling aRFS deletes the rules.

Add an aRFS state variable, which indicates whether the aRFS is enabled and prevent adding rules when the aRFS is disabled.

Kernel log:

```
======================================================
WARNING: possible circular locking dependency detected
6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G I
------------------------------------------------------
ethtool/386089 is trying to acquire lock:
ffff88810f21ce68 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0
but task is already holding lock:
ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&priv->state_lock){+.+.}-{3:3}:
       __mutex_lock+0x80/0xc90
       arfs_handle_work+0x4b/0x3b0 [mlx5_core]
       process_one_work+0x1dc/0x4a0
       worker_thread+0x1bf/0x3c0
       kthread+0xd7/0x100
       ret_from_fork+0x2d/0x50
       ret_from_fork_asm+0x11/0x20
-> #0 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}:
       __lock_acquire+0x17b4/0x2c80
       lock_acquire+0xd0/0x2b0
       __flush_work+0x7a/0x4e0
       __cancel_work_timer+0x131/0x1c0
       arfs_del_rules+0x143/0x1e0 [mlx5_core]
       mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]
       mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]
       ethnl_set_channels+0x28f/0x3b0
       ethnl_default_set_doit+0xec/0x240
       genl_family_rcv_msg_doit+0xd0/0x120
       genl_rcv_msg+0x188/0x2c0
       netlink_rcv_skb+0x54/0x100
       genl_rcv+0x24/0x40
       netlink_unicast+0x1a1/0x270
       netlink_sendmsg+0x214/0x460
       __sock_sendmsg+0x38/0x60
       __sys_sendto+0x113/0x170
       __x64_sys_sendto+0x20/0x30
       do_syscall_64+0x40/0xe0
       entry_SYSCALL_64_after_hwframe+0x46/0x4e
other info that might help us debug this:
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(&priv->state_lock);
                               lock((work_completion)(&rule->arfs_work));
                               lock(&priv->state_lock);
  lock((work_completion)(&rule->arfs_work));
 *** DEADLOCK ***
3 locks held by ethtool/386089:
 #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
 #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240
 #2: ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]
stack backtrace:
CPU: 15 PID: 386089 Comm: ethtool Tainted: G I 6.7.0-rc4_net_next_mlx5_5483eb2 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Call Trace:
```
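A user-space model of the locking pattern in the description above, added here as an illustration and not taken from the kernel patch. Pthread mutexes stand in for `priv->state_lock`, `pthread_join` stands in for `cancel_work_sync`, and `arfs_lock`, `arfs_enabled` and all function names are assumptions; the "before" handler uses `pthread_mutex_trylock` so the model records the block instead of hanging.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

static pthread_mutex_t state_lock = PTHREAD_MUTEX_INITIALIZER; /* models priv->state_lock */
static pthread_mutex_t arfs_lock = PTHREAD_MUTEX_INITIALIZER;  /* assumed: guards arfs_enabled */
static bool arfs_enabled = true; /* models the added aRFS state variable */
static bool worker_blocked;      /* set when the handler could not take state_lock */
static int rules_added;

/* Handler before the fix: wants state_lock (rule cleanup itself is omitted).
 * trylock replaces a blocking lock so the would-be deadlock is only recorded. */
static void *work_before(void *arg) {
    (void)arg;
    if (pthread_mutex_trylock(&state_lock) != 0)
        worker_blocked = true; /* a blocking lock would wait forever here */
    else
        pthread_mutex_unlock(&state_lock);
    return NULL;
}

/* Handler after the fix: never takes state_lock, adds a rule only while enabled. */
static void *work_after(void *arg) {
    (void)arg;
    pthread_mutex_lock(&arfs_lock);
    if (arfs_enabled)
        rules_added++;
    pthread_mutex_unlock(&arfs_lock);
    return NULL;
}

/* Disable path: holds state_lock while waiting for the handler to finish. */
static bool disable_arfs(void *(*handler)(void *)) {
    pthread_t worker;
    worker_blocked = false;
    rules_added = 0;
    pthread_mutex_lock(&state_lock);
    pthread_mutex_lock(&arfs_lock);
    arfs_enabled = false;
    pthread_mutex_unlock(&arfs_lock);
    pthread_create(&worker, NULL, handler, NULL); /* work that has already started */
    pthread_join(worker, NULL);                   /* stands in for cancel_work_sync */
    pthread_mutex_unlock(&state_lock);
    return worker_blocked;
}

int main(void) {
    printf("before: blocked=%d\n", disable_arfs(work_before));
    printf("after: blocked=%d\n", disable_arfs(work_after));
}
```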
See more information about CVE-2024-27014 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local | Attack Complexity: | Low |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 8 (kernel) | ELSA-2024-3618 | 2024-06-05 |
Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions.