Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2024-35895

Disclosure Date: May 19, 2024 •

CVE-2024-35895

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Prevent lock inversion deadlock in map delete elem

syzkaller started using corpuses where a BPF tracing program deletes
elements from a sockmap/sockhash map. Because BPF tracing programs can be
invoked from any interrupt context, locks taken during a map_delete_elem
operation must be hardirq-safe. Otherwise a deadlock due to lock inversion
is possible, as reported by lockdep:

   CPU0                    CPU1
   ----                    ----

lock(&htab->buckets[i].lock);

                           local_irq_disable();
                           lock(&host->lock);
                           lock(&htab->buckets[i].lock);

<Interrupt>

lock(&host->lock);

Locks in sockmap are hardirq-unsafe by design. We expects elements to be
deleted from sockmap/sockhash only in task (normal) context with interrupts
enabled, or in softirq context.

Detect when map_delete_elem operation is invoked from a context which is
not hardirq-unsafe, that is interrupts are disabled, and bail out with an
error.

Note that map updates are not affected by this issue. BPF verifier does not
allow updating sockmap/sockhash from a BPF tracing program today.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2024-35895 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35895)

Miscellaneous

https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058

https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75

https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec

https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5

https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86

https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd

https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

https://git.kernel.org/stable/c/913c30f827e17d8cda1da6eeb990f350d36cb69b

Rapid7

Unknown

CVE-2024-35895

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-35895

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2024-35895

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2024-35895

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification