Release Date: | 2024-06-19 |
In the Linux kernel, the following vulnerability has been resolved:\nnetrom: fix possible dead-lock in nr_rt_ioctl()\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\nffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\nffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\nffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\nffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\nbut task is already holding lock:\nffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\nffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\nffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\nwhich lock already depends on the new lock.\nthe existing dependency chain (in reverse order) is:\n-> #1 (nr_node_list_lock){+...}-{2:2}:\nlock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\nspin_lock_bh include/linux/spinlock.h:356 [inline]\nnr_remove_node net/netrom/nr_route.c:299 [inline]\nnr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\nnr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\nsock_do_ioctl+0x158/0x460 net/socket.c:1222\nsock_ioctl+0x629/0x8e0 net/socket.c:1341\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:904 [inline]\n__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\ncheck_prev_add kernel/locking/lockdep.c:3134 [inline]\ncheck_prevs_add kernel/locking/lockdep.c:3253 [inline]\nvalidate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n__lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\nlock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\nspin_lock_bh include/linux/spinlock.h:356 [inline]\nnr_node_lock include/net/netrom.h:152 [inline]\nnr_dec_obs net/netrom/nr_route.c:464 [inline]\nnr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\nsock_do_ioctl+0x158/0x460 net/socket.c:1222\nsock_ioctl+0x629/0x8e0 net/socket.c:1341\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:904 [inline]\n__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nother info that might help us debug this:\nPossible unsafe locking scenario:\nCPU0 CPU1\n---- ----\nlock(nr_node_list_lock);\nlock(&nr_node->node_lock);\nlock(nr_node_list_lock);\nlock(&nr_node->node_lock);\n*** DEADLOCK ***\n1 lock held by syz-executor350/5129:\n#0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n#0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n#0: ffffffff8f70\n---truncated---
See more information about CVE-2024-38589 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local network | Attack Complexity: | Low |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
Oracle Linux version 7 (kernel-uek) | ELSA-2024-12611 | 2024-09-11 |
Oracle Linux version 7 (kernel-uek-container) | ELSA-2024-12585 | 2024-08-12 |
Oracle Linux version 8 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
Oracle Linux version 8 (kernel-uek-container) | ELSA-2024-12584 | 2024-08-12 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: