CVE-2024-36003

CVE Details

Release Date: 2024-05-20

Description


In the Linux kernel, the following vulnerability has been resolved:

ice: fix LAG and VF lock dependency in ice_reset_vf()

Since commit 9f74a3dfcf83 ('ice: Fix VF Reset paths when interface in a failed over
aggregate'), the ice driver has acquired the LAG mutex in ice_reset_vf().
The commit placed this lock acquisition just prior to the acquisition of
the VF configuration lock.

If ice_reset_vf() acquires the configuration lock via the ICE_VF_RESET_LOCK
flag, this could deadlock with ice_vc_cfg_qs_msg() because it always
acquires the locks in the order of the VF configuration lock and then the
LAG mutex.

Lockdep reports this violation almost immediately on creating and then
removing 2 VF:

======================================================
WARNING: possible circular locking dependency detected
6.8.0-rc6 #54 Tainted: G W O
------------------------------------------------------
kworker/60:3/6771 is trying to acquire lock:
ff40d43e099380a0 (&vf->cfg_lock){+.+.}-{3:3}, at: ice_reset_vf+0x22f/0x4d0 [ice]

but task is already holding lock:
ff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice]

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&pf->lag_mutex){+.+.}-{3:3}:
__lock_acquire+0x4f8/0xb40
lock_acquire+0xd4/0x2d0
__mutex_lock+0x9b/0xbf0
ice_vc_cfg_qs_msg+0x45/0x690 [ice]
ice_vc_process_vf_msg+0x4f5/0x870 [ice]
__ice_clean_ctrlq+0x2b5/0x600 [ice]
ice_service_task+0x2c9/0x480 [ice]
process_one_work+0x1e9/0x4d0
worker_thread+0x1e1/0x3d0
kthread+0x104/0x140
ret_from_fork+0x31/0x50
ret_from_fork_asm+0x1b/0x30

-> #0 (&vf->cfg_lock){+.+.}-{3:3}:
check_prev_add+0xe2/0xc50
validate_chain+0x558/0x800
__lock_acquire+0x4f8/0xb40
lock_acquire+0xd4/0x2d0
__mutex_lock+0x9b/0xbf0
ice_reset_vf+0x22f/0x4d0 [ice]
ice_process_vflr_event+0x98/0xd0 [ice]
ice_service_task+0x1cc/0x480 [ice]
process_one_work+0x1e9/0x4d0
worker_thread+0x1e1/0x3d0
kthread+0x104/0x140
ret_from_fork+0x31/0x50
ret_from_fork_asm+0x1b/0x30

other info that might help us debug this:

Possible unsafe locking scenario:

      CPU0                    CPU1
      ----                    ----
 lock(&pf->lag_mutex);
                              lock(&vf->cfg_lock);
                              lock(&pf->lag_mutex);
 lock(&vf->cfg_lock);

*** DEADLOCK ***

4 locks held by kworker/60:3/6771:
#0: ff40d43e05428b38 ((wq_completion)ice){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0
#1: ff50d06e05197e58 ((work_completion)(&pf->serv_task)){+.+.}-{0:0}, at: process_one_work+0x176/0x4d0
#2: ff40d43ea1960e50 (&pf->vfs.table_lock){+.+.}-{3:3}, at: ice_process_vflr_event+0x48/0xd0 [ice]
#3: ff40d43ea1961210 (&pf->lag_mutex){+.+.}-{3:3}, at: ice_reset_vf+0xb7/0x4d0 [ice]

stack backtrace:
CPU: 60 PID: 6771 Comm: kworker/60:3 Tainted: G W O 6.8.0-rc6 #54
Hardware name:
Workqueue: ice ice_service_task [ice]
Call Trace:

dump_stack_lvl+0x4a/0x80
check_noncircular+0x12d/0x150
check_prev_add+0xe2/0xc50
? save_trace+0x59/0x230
? add_chain_cache+0x109/0x450
validate_chain+0x558/0x800
__lock_acquire+0x4f8/0xb40
? lockdep_hardirqs_on+0x7d/0x100
lock_acquire+0xd4/0x2d0
? ice_reset_vf+0x22f/0x4d0 [ice]
? lock_is_held_type+0xc7/0x120
__mutex_lock+0x9b/0xbf0
? ice_reset_vf+0x22f/0x4d0 [ice]
? ice_reset_vf+0x22f/0x4d0 [ice]
? rcu_is_watching+0x11/0x50
? ice_reset_vf+0x22f/0x4d0 [ice]
ice_reset_vf+0x22f/0x4d0 [ice]
? process_one_work+0x176/0x4d0
ice_process_vflr_event+0x98/0xd0 [ice]
ice_service_task+0x1cc/0x480 [ice]
process_one_work+0x1e9/0x4d0
worker_thread+0x1e1/0x3d0
? __pfx_worker_thread+0x10/0x10
kthread+0x104/0x140
? __pfx_kthread+0x10/0x10
ret_from_fork+0x31/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1b/0x30

To avoid deadlock, we must acquire the LAG
---truncated---
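The lock-order inversion described above, replayed through a minimal user-space order tracker in the spirit of lockdep. This is an added example, not code from the ice driver or the kernel; `track_acquire`, `count_violations` and the second ordering (the reset path taking the locks in the same order as ice_vc_cfg_qs_msg()) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Lock classes named after the two mutexes in the lockdep report. */
enum lock_class { CFG_LOCK, LAG_MUTEX, NCLASS };

static bool dep[NCLASS][NCLASS]; /* dep[a][b]: b was acquired while a was held */
static int held[NCLASS], nheld;  /* classes held by the path being replayed */

/* Is 'to' reachable from 'from' through already-recorded dependencies? */
static bool reaches(int from, int to, bool *seen) {
    if (from == to) return true;
    seen[from] = true;
    for (int n = 0; n < NCLASS; n++)
        if (dep[from][n] && !seen[n] && reaches(n, to, seen)) return true;
    return false;
}

/* Record one acquisition; false means it closes a cycle in the order graph. */
static bool track_acquire(int cls) {
    bool ok = true;
    for (int i = 0; i < nheld; i++) {
        bool seen[NCLASS] = { false };
        if (reaches(cls, held[i], seen)) ok = false; /* cls -> held[i] already exists */
        dep[held[i]][cls] = true;
    }
    held[nheld++] = cls;
    return ok;
}

/* Replay both paths one after the other; no concurrency needed (as with lockdep). */
static int count_violations(bool reset_takes_cfg_first) {
    int bad = 0;
    memset(dep, 0, sizeof dep);
    nheld = 0;
    bad += !track_acquire(CFG_LOCK);  /* ice_vc_cfg_qs_msg(): cfg_lock ... */
    bad += !track_acquire(LAG_MUTEX); /* ... then lag_mutex (order from the page) */
    nheld = 0;                        /* both released */
    /* ice_reset_vf() with ICE_VF_RESET_LOCK; the "true" order is an assumption */
    bad += !track_acquire(reset_takes_cfg_first ? CFG_LOCK : LAG_MUTEX);
    bad += !track_acquire(reset_takes_cfg_first ? LAG_MUTEX : CFG_LOCK);
    nheld = 0;
    return bad;
}

int main(void) {
    printf("lag_mutex then cfg_lock: %d violation(s)\n", count_violations(false));
    printf("cfg_lock then lag_mutex: %d violation(s)\n", count_violations(true));
}
```

The inversion is flagged on a single thread from the recorded order alone, which is why lockdep reports it as soon as both paths have run once, without the deadlock ever having to occur.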

See more information about CVE-2024-36003 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Errata information


Platform                          Errata            Release Date
Oracle Linux version 9 (kernel)   ELSA-2024-5928    2024-08-28


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
