5.5

CVE-2024-35895

bpf, sockmap: Prevent lock inversion deadlock in map delete elem

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Prevent lock inversion deadlock in map delete elem

syzkaller started using corpuses where a BPF tracing program deletes
elements from a sockmap/sockhash map. Because BPF tracing programs can be
invoked from any interrupt context, locks taken during a map_delete_elem
operation must be hardirq-safe. Otherwise a deadlock due to lock inversion
is possible, as reported by lockdep:

       CPU0                    CPU1
       ----                    ----
  lock(&htab->buckets[i].lock);
                               local_irq_disable();
                               lock(&host->lock);
                               lock(&htab->buckets[i].lock);
  <Interrupt>
    lock(&host->lock);

Locks in sockmap are hardirq-unsafe by design. We expects elements to be
deleted from sockmap/sockhash only in task (normal) context with interrupts
enabled, or in softirq context.

Detect when map_delete_elem operation is invoked from a context which is
_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an
error.

Note that map updates are not affected by this issue. BPF verifier does not
allow updating sockmap/sockhash from a BPF tracing program today.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.20 < 5.4.274
LinuxLinux Kernel Version >= 5.5 < 5.10.215
LinuxLinux Kernel Version >= 5.11 < 5.15.154
LinuxLinux Kernel Version >= 5.16 < 6.1.85
LinuxLinux Kernel Version >= 6.2 < 6.6.26
LinuxLinux Kernel Version >= 6.7 < 6.8.5
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.077
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Mailing List
https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86
Patch
https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd
Patch
https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5
Patch
https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec
Patch
https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75
Patch
https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058
Patch
https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html