CVE-2024-27014 (GCVE-0-2024-27014)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:29 – Updated: 2026-05-11 20:08
VLAI?
Title
net/mlx5e: Prevent deadlock while disabling aRFS
Summary
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are canceled using the `cancel_work_sync` function, which waits for the work to end if it has already started. However, while waiting for the work handler, the handler will try to acquire the `state_lock` which is already acquired. The worker acquires the lock to delete the rules if the state is down, which is not the worker's responsibility since disabling aRFS deletes the rules. Add an aRFS state variable, which indicates whether the aRFS is enabled and prevent adding rules when the aRFS is disabled. Kernel log: ====================================================== WARNING: possible circular locking dependency detected 6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G I ------------------------------------------------------ ethtool/386089 is trying to acquire lock: ffff88810f21ce68 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0 but task is already holding lock: ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core] which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&priv->state_lock){+.+.}-{3:3}: __mutex_lock+0x80/0xc90 arfs_handle_work+0x4b/0x3b0 [mlx5_core] process_one_work+0x1dc/0x4a0 worker_thread+0x1bf/0x3c0 kthread+0xd7/0x100 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20 -> #0 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}: __lock_acquire+0x17b4/0x2c80 lock_acquire+0xd0/0x2b0 __flush_work+0x7a/0x4e0 __cancel_work_timer+0x131/0x1c0 arfs_del_rules+0x143/0x1e0 [mlx5_core] mlx5e_arfs_disable+0x1b/0x30 [mlx5_core] mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core] ethnl_set_channels+0x28f/0x3b0 ethnl_default_set_doit+0xec/0x240 genl_family_rcv_msg_doit+0xd0/0x120 genl_rcv_msg+0x188/0x2c0 netlink_rcv_skb+0x54/0x100 genl_rcv+0x24/0x40 netlink_unicast+0x1a1/0x270 netlink_sendmsg+0x214/0x460 __sock_sendmsg+0x38/0x60 __sys_sendto+0x113/0x170 __x64_sys_sendto+0x20/0x30 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x46/0x4e other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&priv->state_lock); lock((work_completion)(&rule->arfs_work)); lock(&priv->state_lock); lock((work_completion)(&rule->arfs_work)); *** DEADLOCK *** 3 locks held by ethtool/386089: #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240 #2: ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core] stack backtrace: CPU: 15 PID: 386089 Comm: ethtool Tainted: G I 6.7.0-rc4_net_next_mlx5_5483eb2 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x60/0xa0 check_noncircular+0x144/0x160 __lock_acquire+0x17b4/0x2c80 lock_acquire+0xd0/0x2b0 ? __flush_work+0x74/0x4e0 ? save_trace+0x3e/0x360 ? __flush_work+0x74/0x4e0 __flush_work+0x7a/0x4e0 ? __flush_work+0x74/0x4e0 ? __lock_acquire+0xa78/0x2c80 ? lock_acquire+0xd0/0x2b0 ? mark_held_locks+0x49/0x70 __cancel_work_timer+0x131/0x1c0 ? mark_held_locks+0x49/0x70 arfs_del_rules+0x143/0x1e0 [mlx5_core] mlx5e_arfs_disable+0x1b/0x30 [mlx5_core] mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core] ethnl_set_channels+0x28f/0x3b0 ethnl_default_set_doit+0xec/0x240 genl_family_rcv_msg_doit+0xd0/0x120 genl_rcv_msg+0x188/0x2c0 ? ethn ---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < 46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b (git)
Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < 48c4bb81df19402d4346032353d0795260255e3b (git)
Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < 0080bf99499468030248ebd25dd645e487dcecdc (git)
Affected: 45bf454ae88414e80b80979ebb2c22bd66ea7d1b , < fef965764cf562f28afb997b626fc7c3cec99693 (git)
Create a notification for this product.
Linux Linux Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:40:27.350253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:46:06.728Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:17:11.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b",
              "status": "affected",
              "version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
              "versionType": "git"
            },
            {
              "lessThan": "48c4bb81df19402d4346032353d0795260255e3b",
              "status": "affected",
              "version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
              "versionType": "git"
            },
            {
              "lessThan": "0080bf99499468030248ebd25dd645e487dcecdc",
              "status": "affected",
              "version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
              "versionType": "git"
            },
            {
              "lessThan": "fef965764cf562f28afb997b626fc7c3cec99693",
              "status": "affected",
              "version": "45bf454ae88414e80b80979ebb2c22bd66ea7d1b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Prevent deadlock while disabling aRFS\n\nWhen disabling aRFS under the `priv-\u003estate_lock`, any scheduled\naRFS works are canceled using the `cancel_work_sync` function,\nwhich waits for the work to end if it has already started.\nHowever, while waiting for the work handler, the handler will\ntry to acquire the `state_lock` which is already acquired.\n\nThe worker acquires the lock to delete the rules if the state\nis down, which is not the worker\u0027s responsibility since\ndisabling aRFS deletes the rules.\n\nAdd an aRFS state variable, which indicates whether the aRFS is\nenabled and prevent adding rules when the aRFS is disabled.\n\nKernel log:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G          I\n------------------------------------------------------\nethtool/386089 is trying to acquire lock:\nffff88810f21ce68 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0\n\nbut task is already holding lock:\nffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (\u0026priv-\u003estate_lock){+.+.}-{3:3}:\n       __mutex_lock+0x80/0xc90\n       arfs_handle_work+0x4b/0x3b0 [mlx5_core]\n       process_one_work+0x1dc/0x4a0\n       worker_thread+0x1bf/0x3c0\n       kthread+0xd7/0x100\n       ret_from_fork+0x2d/0x50\n       ret_from_fork_asm+0x11/0x20\n\n-\u003e #0 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}:\n       __lock_acquire+0x17b4/0x2c80\n       lock_acquire+0xd0/0x2b0\n       __flush_work+0x7a/0x4e0\n       __cancel_work_timer+0x131/0x1c0\n       arfs_del_rules+0x143/0x1e0 [mlx5_core]\n       mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n       mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n       ethnl_set_channels+0x28f/0x3b0\n       ethnl_default_set_doit+0xec/0x240\n       genl_family_rcv_msg_doit+0xd0/0x120\n       genl_rcv_msg+0x188/0x2c0\n       netlink_rcv_skb+0x54/0x100\n       genl_rcv+0x24/0x40\n       netlink_unicast+0x1a1/0x270\n       netlink_sendmsg+0x214/0x460\n       __sock_sendmsg+0x38/0x60\n       __sys_sendto+0x113/0x170\n       __x64_sys_sendto+0x20/0x30\n       do_syscall_64+0x40/0xe0\n       entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(\u0026priv-\u003estate_lock);\n                               lock((work_completion)(\u0026rule-\u003earfs_work));\n                               lock(\u0026priv-\u003estate_lock);\n  lock((work_completion)(\u0026rule-\u003earfs_work));\n\n *** DEADLOCK ***\n\n3 locks held by ethtool/386089:\n #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40\n #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240\n #2: ffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nstack backtrace:\nCPU: 15 PID: 386089 Comm: ethtool Tainted: G          I        6.7.0-rc4_net_next_mlx5_5483eb2 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x60/0xa0\n check_noncircular+0x144/0x160\n __lock_acquire+0x17b4/0x2c80\n lock_acquire+0xd0/0x2b0\n ? __flush_work+0x74/0x4e0\n ? save_trace+0x3e/0x360\n ? __flush_work+0x74/0x4e0\n __flush_work+0x7a/0x4e0\n ? __flush_work+0x74/0x4e0\n ? __lock_acquire+0xa78/0x2c80\n ? lock_acquire+0xd0/0x2b0\n ? mark_held_locks+0x49/0x70\n __cancel_work_timer+0x131/0x1c0\n ? mark_held_locks+0x49/0x70\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n ethnl_set_channels+0x28f/0x3b0\n ethnl_default_set_doit+0xec/0x240\n genl_family_rcv_msg_doit+0xd0/0x120\n genl_rcv_msg+0x188/0x2c0\n ? ethn\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:08:44.844Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc"
        },
        {
          "url": "https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693"
        }
      ],
      "title": "net/mlx5e: Prevent deadlock while disabling aRFS",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27014",
    "datePublished": "2024-05-01T05:29:46.980Z",
    "dateReserved": "2024-02-19T14:20:24.209Z",
    "dateUpdated": "2026-05-11T20:08:44.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-27014",
      "date": "2026-05-19",
      "epss": "0.0001",
      "percentile": "0.01069"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.13\", \"versionEndExcluding\": \"5.15.157\", \"matchCriteriaId\": \"A2C4A57D-9BB2-4F58-857C-857CE22EE580\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.16\", \"versionEndExcluding\": \"6.1.88\", \"matchCriteriaId\": \"B665F958-644E-434D-A78D-CCD1628D1774\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2\", \"versionEndExcluding\": \"6.6.29\", \"matchCriteriaId\": \"0999E154-1E68-41FA-8DE3-9A735E382224\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.7\", \"versionEndExcluding\": \"6.8.8\", \"matchCriteriaId\": \"673B3328-389D-41A4-9617-669298635262\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"22BEDD49-2C6D-402D-9DBF-6646F6ECD10B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"52048DDA-FC5A-4363-95A0-A6357B4D7F8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"A06B2CCF-3F43-4FA9-8773-C83C3F5764B2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5e: Prevent deadlock while disabling aRFS\\n\\nWhen disabling aRFS under the `priv-\u003estate_lock`, any scheduled\\naRFS works are canceled using the `cancel_work_sync` function,\\nwhich waits for the work to end if it has already started.\\nHowever, while waiting for the work handler, the handler will\\ntry to acquire the `state_lock` which is already acquired.\\n\\nThe worker acquires the lock to delete the rules if the state\\nis down, which is not the worker\u0027s responsibility since\\ndisabling aRFS deletes the rules.\\n\\nAdd an aRFS state variable, which indicates whether the aRFS is\\nenabled and prevent adding rules when the aRFS is disabled.\\n\\nKernel log:\\n\\n======================================================\\nWARNING: possible circular locking dependency detected\\n6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G          I\\n------------------------------------------------------\\nethtool/386089 is trying to acquire lock:\\nffff88810f21ce68 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0\\n\\nbut task is already holding lock:\\nffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\\n\\nwhich lock already depends on the new lock.\\n\\nthe existing dependency chain (in reverse order) is:\\n\\n-\u003e #1 (\u0026priv-\u003estate_lock){+.+.}-{3:3}:\\n       __mutex_lock+0x80/0xc90\\n       arfs_handle_work+0x4b/0x3b0 [mlx5_core]\\n       process_one_work+0x1dc/0x4a0\\n       worker_thread+0x1bf/0x3c0\\n       kthread+0xd7/0x100\\n       ret_from_fork+0x2d/0x50\\n       ret_from_fork_asm+0x11/0x20\\n\\n-\u003e #0 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}:\\n       __lock_acquire+0x17b4/0x2c80\\n       lock_acquire+0xd0/0x2b0\\n       __flush_work+0x7a/0x4e0\\n       __cancel_work_timer+0x131/0x1c0\\n       arfs_del_rules+0x143/0x1e0 [mlx5_core]\\n       mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\\n       mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\\n       ethnl_set_channels+0x28f/0x3b0\\n       ethnl_default_set_doit+0xec/0x240\\n       genl_family_rcv_msg_doit+0xd0/0x120\\n       genl_rcv_msg+0x188/0x2c0\\n       netlink_rcv_skb+0x54/0x100\\n       genl_rcv+0x24/0x40\\n       netlink_unicast+0x1a1/0x270\\n       netlink_sendmsg+0x214/0x460\\n       __sock_sendmsg+0x38/0x60\\n       __sys_sendto+0x113/0x170\\n       __x64_sys_sendto+0x20/0x30\\n       do_syscall_64+0x40/0xe0\\n       entry_SYSCALL_64_after_hwframe+0x46/0x4e\\n\\nother info that might help us debug this:\\n\\n Possible unsafe locking scenario:\\n\\n       CPU0                    CPU1\\n       ----                    ----\\n  lock(\u0026priv-\u003estate_lock);\\n                               lock((work_completion)(\u0026rule-\u003earfs_work));\\n                               lock(\u0026priv-\u003estate_lock);\\n  lock((work_completion)(\u0026rule-\u003earfs_work));\\n\\n *** DEADLOCK ***\\n\\n3 locks held by ethtool/386089:\\n #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40\\n #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240\\n #2: ffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\\n\\nstack backtrace:\\nCPU: 15 PID: 386089 Comm: ethtool Tainted: G          I        6.7.0-rc4_net_next_mlx5_5483eb2 #1\\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\\nCall Trace:\\n \u003cTASK\u003e\\n dump_stack_lvl+0x60/0xa0\\n check_noncircular+0x144/0x160\\n __lock_acquire+0x17b4/0x2c80\\n lock_acquire+0xd0/0x2b0\\n ? __flush_work+0x74/0x4e0\\n ? save_trace+0x3e/0x360\\n ? __flush_work+0x74/0x4e0\\n __flush_work+0x7a/0x4e0\\n ? __flush_work+0x74/0x4e0\\n ? __lock_acquire+0xa78/0x2c80\\n ? lock_acquire+0xd0/0x2b0\\n ? mark_held_locks+0x49/0x70\\n __cancel_work_timer+0x131/0x1c0\\n ? mark_held_locks+0x49/0x70\\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\\n ethnl_set_channels+0x28f/0x3b0\\n ethnl_default_set_doit+0xec/0x240\\n genl_family_rcv_msg_doit+0xd0/0x120\\n genl_rcv_msg+0x188/0x2c0\\n ? ethn\\n---truncated---\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: evita el interbloqueo al deshabilitar aRFS. Al deshabilitar aRFS bajo `priv-\u0026gt;state_lock`, cualquier trabajo de aRFS programado se cancela usando la funci\\u00f3n `cancel_work_sync`, que espera la trabajo para terminar si ya ha comenzado. Sin embargo, mientras espera el controlador de trabajo, el controlador intentar\\u00e1 adquirir el `state_lock` que ya est\\u00e1 adquirido. El trabajador adquiere el bloqueo para eliminar las reglas si el estado est\\u00e1 inactivo, lo cual no es responsabilidad del trabajador ya que al desactivar aRFS se eliminan las reglas. Agregue una variable de estado de aRFS, que indica si aRFS est\\u00e1 habilitado y evita agregar reglas cuando aRFS est\\u00e1 deshabilitado. Registro del kernel: ================================================= ======= ADVERTENCIA: posible dependencia de bloqueo circular detectada 6.7.0-rc4_net_next_mlx5_5483eb2 #1 Contaminado: GI -------------------- ---------------------- ethtool/386089 est\\u00e1 intentando adquirir el bloqueo: ffff88810f21ce68 ((work_completion)(\u0026amp;rule-\u0026gt;arfs_work)){ +.+.}-{0:0}, en: __flush_work+0x74/0x4e0 pero la tarea ya mantiene el bloqueo: ffff8884a1808cc0 (\u0026amp;priv-\u0026gt;state_lock){+.+.}-{3:3}, en: mlx5e_ethtool_set_channels+ 0x53/0x200 [mlx5_core] cuyo bloqueo ya depende del nuevo bloqueo. la cadena de dependencia existente (en orden inverso) es: -\u0026gt; #1 (\u0026amp;priv-\u0026gt;state_lock){+.+.}-{3:3}: __mutex_lock+0x80/0xc90 arfs_handle_work+0x4b/0x3b0 [mlx5_core] Process_one_work+0x1dc /0x4a0 work_thread+0x1bf/0x3c0 kthread+0xd7/0x100 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20 -\u0026gt; #0 ((work_completion)(\u0026amp;rule-\u0026gt;arfs_work)){+.+.}-{0:0}: __lock_acquire+0x17b4/0x2c80 lock_acquire+0xd0/0x2b0 __flush_work+0x7a/0x4e0 __cancel_work_timer+0x131/0x1c0 arfs_del_rules+0x143/0x1e0 [mlx5_core] mlx5e_arfs_disable+0x1b/0x30 mlx5_core] mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core] ethnl_set_channels+0x28f/0x3b0 ethnl_default_set_doit +0xec/0x240 genl_family_rcv_msg_doit+0xd0/0x120 genl_rcv_msg+0x188/0x2c0 netlink_rcv_skb+0x54/0x100 genl_rcv+0x24/0x40 netlink_unicast+0x1a1/0x270 netlink_sendmsg+0x214/0 x460 __sock_sendmsg+0x38/0x60 __sys_sendto+0x113/0x170 __x64_sys_sendto+0x20/0x30 do_syscall_64 +0x40/0xe0 Entry_SYSCALL_64_after_hwframe+0x46/0x4e otra informaci\\u00f3n que podr\\u00eda ayudarnos a depurar esto: Posible escenario de bloqueo inseguro: CPU0 CPU1 ---- ---- lock(\u0026amp;priv-\u0026gt;state_lock); lock((work_completion)(\u0026amp;rule-\u0026gt;arfs_work)); bloquear(\u0026amp;priv-\u0026gt;state_lock); lock((work_completion)(\u0026amp;rule-\u0026gt;arfs_work)); *** DEADLOCK *** 3 bloqueos retenidos por ethtool/386089: #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, en: genl_rcv+0x15/0x40 #1: ffffffff82e94c88 (rtnl_mutex){ +.+.}-{3:3}, en: ethnl_default_set_doit+0xd3/0x240 #2: ffff8884a1808cc0 (\u0026amp;priv-\u0026gt;state_lock){+.+.}-{3:3}, en: mlx5e_ethtool_set_channels+0x53/0x200 [ mlx5_core] seguimiento de pila: CPU: 15 PID: 386089 Comm: ethtool Tainted: GI 6.7.0-rc4_net_next_mlx5_5483eb2 #1 Nombre de hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt .qemu.org 01/04/2014 Seguimiento de llamadas:  dump_stack_lvl+0x60/0xa0 check_noncircular+0x144/0x160 __lock_acquire+0x17b4/0x2c80 lock_acquire+0xd0/0x2b0? __flush_work+0x74/0x4e0? save_trace+0x3e/0x360? __flush_work+0x74/0x4e0 __flush_work+0x7a/0x4e0 ? __flush_work+0x74/0x4e0? __lock_acquire+0xa78/0x2c80? lock_acquire+0xd0/0x2b0? mark_held_locks+0x49/0x70 __cancel_work_timer+0x131/0x1c0 ? mark_held_locks+0x49/0x70 arfs_del_rules+0x143/0x1e0 [mlx5_core] mlx5e_arfs_disable+0x1b/0x30 [mlx5_core] mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core] ethnl_set_channels+0x28f/0x3b0 ethnl_default_set_doit+0xec/0x240 genl_family_rcv_msg_doit+0xd0/0x120 genl_rcv_msg+0x188/0x2c0 ? ethn ---truncado---\"}]",
      "id": "CVE-2024-27014",
      "lastModified": "2024-11-21T09:03:39.663",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-05-01T06:15:20.063",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-667\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-27014\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-01T06:15:20.063\",\"lastModified\":\"2025-11-04T18:16:11.173\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5e: Prevent deadlock while disabling aRFS\\n\\nWhen disabling aRFS under the `priv-\u003estate_lock`, any scheduled\\naRFS works are canceled using the `cancel_work_sync` function,\\nwhich waits for the work to end if it has already started.\\nHowever, while waiting for the work handler, the handler will\\ntry to acquire the `state_lock` which is already acquired.\\n\\nThe worker acquires the lock to delete the rules if the state\\nis down, which is not the worker\u0027s responsibility since\\ndisabling aRFS deletes the rules.\\n\\nAdd an aRFS state variable, which indicates whether the aRFS is\\nenabled and prevent adding rules when the aRFS is disabled.\\n\\nKernel log:\\n\\n======================================================\\nWARNING: possible circular locking dependency detected\\n6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G          I\\n------------------------------------------------------\\nethtool/386089 is trying to acquire lock:\\nffff88810f21ce68 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0\\n\\nbut task is already holding lock:\\nffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\\n\\nwhich lock already depends on the new lock.\\n\\nthe existing dependency chain (in reverse order) is:\\n\\n-\u003e #1 (\u0026priv-\u003estate_lock){+.+.}-{3:3}:\\n       __mutex_lock+0x80/0xc90\\n       arfs_handle_work+0x4b/0x3b0 [mlx5_core]\\n       process_one_work+0x1dc/0x4a0\\n       worker_thread+0x1bf/0x3c0\\n       kthread+0xd7/0x100\\n       ret_from_fork+0x2d/0x50\\n       ret_from_fork_asm+0x11/0x20\\n\\n-\u003e #0 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}:\\n       __lock_acquire+0x17b4/0x2c80\\n       lock_acquire+0xd0/0x2b0\\n       __flush_work+0x7a/0x4e0\\n       __cancel_work_timer+0x131/0x1c0\\n       arfs_del_rules+0x143/0x1e0 [mlx5_core]\\n       mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\\n       mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\\n       ethnl_set_channels+0x28f/0x3b0\\n       ethnl_default_set_doit+0xec/0x240\\n       genl_family_rcv_msg_doit+0xd0/0x120\\n       genl_rcv_msg+0x188/0x2c0\\n       netlink_rcv_skb+0x54/0x100\\n       genl_rcv+0x24/0x40\\n       netlink_unicast+0x1a1/0x270\\n       netlink_sendmsg+0x214/0x460\\n       __sock_sendmsg+0x38/0x60\\n       __sys_sendto+0x113/0x170\\n       __x64_sys_sendto+0x20/0x30\\n       do_syscall_64+0x40/0xe0\\n       entry_SYSCALL_64_after_hwframe+0x46/0x4e\\n\\nother info that might help us debug this:\\n\\n Possible unsafe locking scenario:\\n\\n       CPU0                    CPU1\\n       ----                    ----\\n  lock(\u0026priv-\u003estate_lock);\\n                               lock((work_completion)(\u0026rule-\u003earfs_work));\\n                               lock(\u0026priv-\u003estate_lock);\\n  lock((work_completion)(\u0026rule-\u003earfs_work));\\n\\n *** DEADLOCK ***\\n\\n3 locks held by ethtool/386089:\\n #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40\\n #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240\\n #2: ffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\\n\\nstack backtrace:\\nCPU: 15 PID: 386089 Comm: ethtool Tainted: G          I        6.7.0-rc4_net_next_mlx5_5483eb2 #1\\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\\nCall Trace:\\n \u003cTASK\u003e\\n dump_stack_lvl+0x60/0xa0\\n check_noncircular+0x144/0x160\\n __lock_acquire+0x17b4/0x2c80\\n lock_acquire+0xd0/0x2b0\\n ? __flush_work+0x74/0x4e0\\n ? save_trace+0x3e/0x360\\n ? __flush_work+0x74/0x4e0\\n __flush_work+0x7a/0x4e0\\n ? __flush_work+0x74/0x4e0\\n ? __lock_acquire+0xa78/0x2c80\\n ? lock_acquire+0xd0/0x2b0\\n ? mark_held_locks+0x49/0x70\\n __cancel_work_timer+0x131/0x1c0\\n ? mark_held_locks+0x49/0x70\\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\\n ethnl_set_channels+0x28f/0x3b0\\n ethnl_default_set_doit+0xec/0x240\\n genl_family_rcv_msg_doit+0xd0/0x120\\n genl_rcv_msg+0x188/0x2c0\\n ? ethn\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: evita el interbloqueo al deshabilitar aRFS. Al deshabilitar aRFS bajo `priv-\u0026gt;state_lock`, cualquier trabajo de aRFS programado se cancela usando la funci\u00f3n `cancel_work_sync`, que espera la trabajo para terminar si ya ha comenzado. Sin embargo, mientras espera el controlador de trabajo, el controlador intentar\u00e1 adquirir el `state_lock` que ya est\u00e1 adquirido. El trabajador adquiere el bloqueo para eliminar las reglas si el estado est\u00e1 inactivo, lo cual no es responsabilidad del trabajador ya que al desactivar aRFS se eliminan las reglas. Agregue una variable de estado de aRFS, que indica si aRFS est\u00e1 habilitado y evita agregar reglas cuando aRFS est\u00e1 deshabilitado. Registro del kernel: ================================================= ======= ADVERTENCIA: posible dependencia de bloqueo circular detectada 6.7.0-rc4_net_next_mlx5_5483eb2 #1 Contaminado: GI -------------------- ---------------------- ethtool/386089 est\u00e1 intentando adquirir el bloqueo: ffff88810f21ce68 ((work_completion)(\u0026amp;rule-\u0026gt;arfs_work)){ +.+.}-{0:0}, en: __flush_work+0x74/0x4e0 pero la tarea ya mantiene el bloqueo: ffff8884a1808cc0 (\u0026amp;priv-\u0026gt;state_lock){+.+.}-{3:3}, en: mlx5e_ethtool_set_channels+ 0x53/0x200 [mlx5_core] cuyo bloqueo ya depende del nuevo bloqueo. la cadena de dependencia existente (en orden inverso) es: -\u0026gt; #1 (\u0026amp;priv-\u0026gt;state_lock){+.+.}-{3:3}: __mutex_lock+0x80/0xc90 arfs_handle_work+0x4b/0x3b0 [mlx5_core] Process_one_work+0x1dc /0x4a0 work_thread+0x1bf/0x3c0 kthread+0xd7/0x100 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20 -\u0026gt; #0 ((work_completion)(\u0026amp;rule-\u0026gt;arfs_work)){+.+.}-{0:0}: __lock_acquire+0x17b4/0x2c80 lock_acquire+0xd0/0x2b0 __flush_work+0x7a/0x4e0 __cancel_work_timer+0x131/0x1c0 arfs_del_rules+0x143/0x1e0 [mlx5_core] mlx5e_arfs_disable+0x1b/0x30 mlx5_core] mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core] ethnl_set_channels+0x28f/0x3b0 ethnl_default_set_doit +0xec/0x240 genl_family_rcv_msg_doit+0xd0/0x120 genl_rcv_msg+0x188/0x2c0 netlink_rcv_skb+0x54/0x100 genl_rcv+0x24/0x40 netlink_unicast+0x1a1/0x270 netlink_sendmsg+0x214/0 x460 __sock_sendmsg+0x38/0x60 __sys_sendto+0x113/0x170 __x64_sys_sendto+0x20/0x30 do_syscall_64 +0x40/0xe0 Entry_SYSCALL_64_after_hwframe+0x46/0x4e otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: Posible escenario de bloqueo inseguro: CPU0 CPU1 ---- ---- lock(\u0026amp;priv-\u0026gt;state_lock); lock((work_completion)(\u0026amp;rule-\u0026gt;arfs_work)); bloquear(\u0026amp;priv-\u0026gt;state_lock); lock((work_completion)(\u0026amp;rule-\u0026gt;arfs_work)); *** DEADLOCK *** 3 bloqueos retenidos por ethtool/386089: #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, en: genl_rcv+0x15/0x40 #1: ffffffff82e94c88 (rtnl_mutex){ +.+.}-{3:3}, en: ethnl_default_set_doit+0xd3/0x240 #2: ffff8884a1808cc0 (\u0026amp;priv-\u0026gt;state_lock){+.+.}-{3:3}, en: mlx5e_ethtool_set_channels+0x53/0x200 [ mlx5_core] seguimiento de pila: CPU: 15 PID: 386089 Comm: ethtool Tainted: GI 6.7.0-rc4_net_next_mlx5_5483eb2 #1 Nombre de hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt .qemu.org 01/04/2014 Seguimiento de llamadas:  dump_stack_lvl+0x60/0xa0 check_noncircular+0x144/0x160 __lock_acquire+0x17b4/0x2c80 lock_acquire+0xd0/0x2b0? __flush_work+0x74/0x4e0? save_trace+0x3e/0x360? __flush_work+0x74/0x4e0 __flush_work+0x7a/0x4e0 ? __flush_work+0x74/0x4e0? __lock_acquire+0xa78/0x2c80? lock_acquire+0xd0/0x2b0? mark_held_locks+0x49/0x70 __cancel_work_timer+0x131/0x1c0 ? mark_held_locks+0x49/0x70 arfs_del_rules+0x143/0x1e0 [mlx5_core] mlx5e_arfs_disable+0x1b/0x30 [mlx5_core] mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core] ethnl_set_channels+0x28f/0x3b0 ethnl_default_set_doit+0xec/0x240 genl_family_rcv_msg_doit+0xd0/0x120 genl_rcv_msg+0x188/0x2c0 ? ethn ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13\",\"versionEndExcluding\":\"5.15.157\",\"matchCriteriaId\":\"A2C4A57D-9BB2-4F58-857C-857CE22EE580\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.88\",\"matchCriteriaId\":\"B665F958-644E-434D-A78D-CCD1628D1774\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.29\",\"matchCriteriaId\":\"0999E154-1E68-41FA-8DE3-9A735E382224\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.8.8\",\"matchCriteriaId\":\"673B3328-389D-41A4-9617-669298635262\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"22BEDD49-2C6D-402D-9DBF-6646F6ECD10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"52048DDA-FC5A-4363-95A0-A6357B4D7F8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A06B2CCF-3F43-4FA9-8773-C83C3F5764B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T17:17:11.645Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-27014\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-17T17:40:27.350253Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-17T17:40:28.336Z\"}}], \"cna\": {\"title\": \"net/mlx5e: Prevent deadlock while disabling aRFS\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"45bf454ae88414e80b80979ebb2c22bd66ea7d1b\", \"lessThan\": \"46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"45bf454ae88414e80b80979ebb2c22bd66ea7d1b\", \"lessThan\": \"48c4bb81df19402d4346032353d0795260255e3b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"45bf454ae88414e80b80979ebb2c22bd66ea7d1b\", \"lessThan\": \"0080bf99499468030248ebd25dd645e487dcecdc\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"45bf454ae88414e80b80979ebb2c22bd66ea7d1b\", \"lessThan\": \"fef965764cf562f28afb997b626fc7c3cec99693\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.7\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.7\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.1.88\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.29\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8.8\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.8.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/46efa4d5930cf3c2af8c01f75e0a47e4fc045e3b\"}, {\"url\": \"https://git.kernel.org/stable/c/48c4bb81df19402d4346032353d0795260255e3b\"}, {\"url\": \"https://git.kernel.org/stable/c/0080bf99499468030248ebd25dd645e487dcecdc\"}, {\"url\": \"https://git.kernel.org/stable/c/fef965764cf562f28afb997b626fc7c3cec99693\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnet/mlx5e: Prevent deadlock while disabling aRFS\\n\\nWhen disabling aRFS under the `priv-\u003estate_lock`, any scheduled\\naRFS works are canceled using the `cancel_work_sync` function,\\nwhich waits for the work to end if it has already started.\\nHowever, while waiting for the work handler, the handler will\\ntry to acquire the `state_lock` which is already acquired.\\n\\nThe worker acquires the lock to delete the rules if the state\\nis down, which is not the worker\u0027s responsibility since\\ndisabling aRFS deletes the rules.\\n\\nAdd an aRFS state variable, which indicates whether the aRFS is\\nenabled and prevent adding rules when the aRFS is disabled.\\n\\nKernel log:\\n\\n======================================================\\nWARNING: possible circular locking dependency detected\\n6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G          I\\n------------------------------------------------------\\nethtool/386089 is trying to acquire lock:\\nffff88810f21ce68 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0\\n\\nbut task is already holding lock:\\nffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\\n\\nwhich lock already depends on the new lock.\\n\\nthe existing dependency chain (in reverse order) is:\\n\\n-\u003e #1 (\u0026priv-\u003estate_lock){+.+.}-{3:3}:\\n       __mutex_lock+0x80/0xc90\\n       arfs_handle_work+0x4b/0x3b0 [mlx5_core]\\n       process_one_work+0x1dc/0x4a0\\n       worker_thread+0x1bf/0x3c0\\n       kthread+0xd7/0x100\\n       ret_from_fork+0x2d/0x50\\n       ret_from_fork_asm+0x11/0x20\\n\\n-\u003e #0 ((work_completion)(\u0026rule-\u003earfs_work)){+.+.}-{0:0}:\\n       __lock_acquire+0x17b4/0x2c80\\n       lock_acquire+0xd0/0x2b0\\n       __flush_work+0x7a/0x4e0\\n       __cancel_work_timer+0x131/0x1c0\\n       arfs_del_rules+0x143/0x1e0 [mlx5_core]\\n       mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\\n       mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\\n       ethnl_set_channels+0x28f/0x3b0\\n       ethnl_default_set_doit+0xec/0x240\\n       genl_family_rcv_msg_doit+0xd0/0x120\\n       genl_rcv_msg+0x188/0x2c0\\n       netlink_rcv_skb+0x54/0x100\\n       genl_rcv+0x24/0x40\\n       netlink_unicast+0x1a1/0x270\\n       netlink_sendmsg+0x214/0x460\\n       __sock_sendmsg+0x38/0x60\\n       __sys_sendto+0x113/0x170\\n       __x64_sys_sendto+0x20/0x30\\n       do_syscall_64+0x40/0xe0\\n       entry_SYSCALL_64_after_hwframe+0x46/0x4e\\n\\nother info that might help us debug this:\\n\\n Possible unsafe locking scenario:\\n\\n       CPU0                    CPU1\\n       ----                    ----\\n  lock(\u0026priv-\u003estate_lock);\\n                               lock((work_completion)(\u0026rule-\u003earfs_work));\\n                               lock(\u0026priv-\u003estate_lock);\\n  lock((work_completion)(\u0026rule-\u003earfs_work));\\n\\n *** DEADLOCK ***\\n\\n3 locks held by ethtool/386089:\\n #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40\\n #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240\\n #2: ffff8884a1808cc0 (\u0026priv-\u003estate_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\\n\\nstack backtrace:\\nCPU: 15 PID: 386089 Comm: ethtool Tainted: G          I        6.7.0-rc4_net_next_mlx5_5483eb2 #1\\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\\nCall Trace:\\n \u003cTASK\u003e\\n dump_stack_lvl+0x60/0xa0\\n check_noncircular+0x144/0x160\\n __lock_acquire+0x17b4/0x2c80\\n lock_acquire+0xd0/0x2b0\\n ? __flush_work+0x74/0x4e0\\n ? save_trace+0x3e/0x360\\n ? __flush_work+0x74/0x4e0\\n __flush_work+0x7a/0x4e0\\n ? __flush_work+0x74/0x4e0\\n ? __lock_acquire+0xa78/0x2c80\\n ? lock_acquire+0xd0/0x2b0\\n ? mark_held_locks+0x49/0x70\\n __cancel_work_timer+0x131/0x1c0\\n ? mark_held_locks+0x49/0x70\\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\\n ethnl_set_channels+0x28f/0x3b0\\n ethnl_default_set_doit+0xec/0x240\\n genl_family_rcv_msg_doit+0xd0/0x120\\n genl_rcv_msg+0x188/0x2c0\\n ? ethn\\n---truncated---\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.88\", \"versionStartIncluding\": \"4.7\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.29\", \"versionStartIncluding\": \"4.7\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.8.8\", \"versionStartIncluding\": \"4.7\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.9\", \"versionStartIncluding\": \"4.7\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T20:08:44.844Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-27014\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T20:08:44.844Z\", \"dateReserved\": \"2024-02-19T14:20:24.209Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-05-01T05:29:46.980Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.