CVE - CVE-2024-35895

CVE-ID
CVE-2024-35895	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any interrupt context, locks taken during a map_delete_elem operation must be hardirq-safe. Otherwise a deadlock due to lock inversion is possible, as reported by lockdep: CPU0 CPU1 ---- ---- lock(&htab->buckets[i].lock); local_irq_disable(); lock(&host->lock); lock(&htab->buckets[i].lock); <Interrupt> lock(&host->lock); Locks in sockmap are hardirq-unsafe by design. We expects elements to be deleted from sockmap/sockhash only in task (normal) context with interrupts enabled, or in softirq context. Detect when map_delete_elem operation is invoked from a context which is _not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an error. Note that map updates are not affected by this issue. BPF verifier does not allow updating sockmap/sockhash from a BPF tracing program today.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86 URL:https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86 MISC:https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd URL:https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd MISC:https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5 URL:https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5 MISC:https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec URL:https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec MISC:https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75 URL:https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75 MISC:https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058 URL:https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058 MISC:https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48 URL:https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48 MLIST:[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update URL:https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Assigning CNA
kernel.org
Date Record Created
20240517	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240517)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)