CVE-2024-26740
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
Summary
net/sched: act_mirred: use the backlog for mirred ingress
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7c787888d164689da8b1b115f3ef562c1e843af4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/60ddea1600bc476e0f5e02bce0e29a460ccbf0be"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52f671db18823089a02f07efc04efdb2272ddc17"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26740",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:51:50.686758Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:17.875Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/act_mirred.c",
            "tools/testing/selftests/net/forwarding/tc_actions.sh"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7c787888d164",
              "status": "affected",
              "version": "53592b364001",
              "versionType": "git"
            },
            {
              "lessThan": "60ddea1600bc",
              "status": "affected",
              "version": "53592b364001",
              "versionType": "git"
            },
            {
              "lessThan": "52f671db1882",
              "status": "affected",
              "version": "53592b364001",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/act_mirred.c",
            "tools/testing/selftests/net/forwarding/tc_actions.sh"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: use the backlog for mirred ingress\n\nThe test Davide added in commit ca22da2fbd69 (\"act_mirred: use the backlog\nfor nested calls to mirred ingress\") hangs our testing VMs every 10 or so\nruns, with the familiar tcp_v4_rcv -\u003e tcp_v4_rcv deadlock reported by\nlockdep.\n\nThe problem as previously described by Davide (see Link) is that\nif we reverse flow of traffic with the redirect (egress -\u003e ingress)\nwe may reach the same socket which generated the packet. And we may\nstill be holding its socket lock. The common solution to such deadlocks\nis to put the packet in the Rx backlog, rather than run the Rx path\ninline. Do that for all egress -\u003e ingress reversals, not just once\nwe started to nest mirred calls.\n\nIn the past there was a concern that the backlog indirection will\nlead to loss of error reporting / less accurate stats. But the current\nworkaround does not seem to address the issue."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:14:52.264Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7c787888d164689da8b1b115f3ef562c1e843af4"
        },
        {
          "url": "https://git.kernel.org/stable/c/60ddea1600bc476e0f5e02bce0e29a460ccbf0be"
        },
        {
          "url": "https://git.kernel.org/stable/c/52f671db18823089a02f07efc04efdb2272ddc17"
        }
      ],
      "title": "net/sched: act_mirred: use the backlog for mirred ingress",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26740",
    "datePublished": "2024-04-03T17:00:25.534Z",
    "dateReserved": "2024-02-19T14:20:24.166Z",
    "dateUpdated": "2024-11-05T09:14:52.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-26740\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-04-03T17:15:51.410\",\"lastModified\":\"2024-04-03T17:24:18.150\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/sched: act_mirred: use the backlog for mirred ingress\\n\\nThe test Davide added in commit ca22da2fbd69 (\\\"act_mirred: use the backlog\\nfor nested calls to mirred ingress\\\") hangs our testing VMs every 10 or so\\nruns, with the familiar tcp_v4_rcv -\u003e tcp_v4_rcv deadlock reported by\\nlockdep.\\n\\nThe problem as previously described by Davide (see Link) is that\\nif we reverse flow of traffic with the redirect (egress -\u003e ingress)\\nwe may reach the same socket which generated the packet. And we may\\nstill be holding its socket lock. The common solution to such deadlocks\\nis to put the packet in the Rx backlog, rather than run the Rx path\\ninline. Do that for all egress -\u003e ingress reversals, not just once\\nwe started to nest mirred calls.\\n\\nIn the past there was a concern that the backlog indirection will\\nlead to loss of error reporting / less accurate stats. But the current\\nworkaround does not seem to address the issue.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/sched: act_mirred: use el trabajo pendiente para el ingreso duplicado. La prueba que Davide agreg\u00f3 en el compromiso ca22da2fbd69 (\\\"act_mirred: use el trabajo pendiente para llamadas anidadas para el ingreso duplicado\\\") bloquea nuestras m\u00e1quinas virtuales de prueba. aproximadamente cada 10 ejecuciones, con el conocido punto muerto tcp_v4_rcv -\u0026gt; tcp_v4_rcv informado por lockdep. El problema descrito anteriormente por Davide (ver Enlace) es que si invertimos el flujo de tr\u00e1fico con la redirecci\u00f3n (salida -\u0026gt; entrada) podemos llegar al mismo socket que gener\u00f3 el paquete. Y es posible que todav\u00eda estemos sosteniendo el bloqueo del enchufe. La soluci\u00f3n com\u00fan a estos puntos muertos es colocar el paquete en el trabajo pendiente de Rx, en lugar de ejecutar la ruta de Rx en l\u00ednea. Haga eso para todas las reversiones de salida -\u0026gt; entrada, no solo una vez que comenzamos a anidar llamadas reflejadas. En el pasado, exist\u00eda la preocupaci\u00f3n de que la direcci\u00f3n indirecta del trabajo pendiente provocara la p\u00e9rdida de informes de errores o estad\u00edsticas menos precisas. Pero la soluci\u00f3n actual no parece solucionar el problema.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/52f671db18823089a02f07efc04efdb2272ddc17\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/60ddea1600bc476e0f5e02bce0e29a460ccbf0be\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7c787888d164689da8b1b115f3ef562c1e843af4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.