CVE - CVE-2024-40995

CVE-ID
CVE-2024-40995	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() syzbot found hanging tasks waiting on rtnl_lock [1] A reproducer is available in the syzbot bug. When a request to add multiple actions with the same index is sent, the second request will block forever on the first request. This holds rtnl_lock, and causes tasks to hang. Return -EAGAIN to prevent infinite looping, while keeping documented behavior. [1] INFO: task kworker/1:0:5088 blocked for more than 143 seconds. Not tainted 6.9.0-rc4-syzkaller-00173-g3cdb45594619 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/1:0 state:D stack:23744 pid:5088 tgid:5088 ppid:2 flags:0x00004000 Workqueue: events_power_efficient reg_check_chans_work Call Trace: <TASK> context_switch kernel/sched/core.c:5409 [inline] __schedule+0xf15/0x5d00 kernel/sched/core.c:6746 __schedule_loop kernel/sched/core.c:6823 [inline] schedule+0xe7/0x350 kernel/sched/core.c:6838 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6895 __mutex_lock_common kernel/locking/mutex.c:684 [inline] __mutex_lock+0x5b8/0x9c0 kernel/locking/mutex.c:752 wiphy_lock include/net/cfg80211.h:5953 [inline] reg_leave_invalid_chans net/wireless/reg.c:2466 [inline] reg_check_chans_work+0x10a/0x10e0 net/wireless/reg.c:2481
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/0d8a2d287c8a394c0d4653f0c6c7be4c688e5a74 URL:https://git.kernel.org/stable/c/0d8a2d287c8a394c0d4653f0c6c7be4c688e5a74 MISC:https://git.kernel.org/stable/c/25987a97eec4d5f897cd04ee1b45170829c610da URL:https://git.kernel.org/stable/c/25987a97eec4d5f897cd04ee1b45170829c610da MISC:https://git.kernel.org/stable/c/5f926aa96b08b6c47178fe1171e7ae331c695fc2 URL:https://git.kernel.org/stable/c/5f926aa96b08b6c47178fe1171e7ae331c695fc2 MISC:https://git.kernel.org/stable/c/6fc78d67f51aeb9a542d39a8714e16bc411582d4 URL:https://git.kernel.org/stable/c/6fc78d67f51aeb9a542d39a8714e16bc411582d4 MISC:https://git.kernel.org/stable/c/7a0e497b597df7c4cf2b63fc6e9188b6cabe5335 URL:https://git.kernel.org/stable/c/7a0e497b597df7c4cf2b63fc6e9188b6cabe5335 MISC:https://git.kernel.org/stable/c/c6a7da65a296745535a964be1019ec7691b0cb90 URL:https://git.kernel.org/stable/c/c6a7da65a296745535a964be1019ec7691b0cb90 MISC:https://git.kernel.org/stable/c/d864319871b05fadd153e0aede4811ca7008f5d6 URL:https://git.kernel.org/stable/c/d864319871b05fadd153e0aede4811ca7008f5d6
Assigning CNA
kernel.org
Date Record Created
20240712	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240712)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)