CVE-2024-26740

high

Published 2024-11-12 · Modified 2024-08-08

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.0

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: use the backlog for mirred ingress The test Davide added in commit ca22da2fbd69 ("act_mirred: use the backlog for nested calls to mirred ingress") hangs our testing VMs every 10 or so runs, with the familiar tcp_v4_rcv -> tcp_v4_rcv deadlock reported by lockdep. The problem as previously described by Davide (see Link) is that if we reverse flow of traffic with the redirect (egress -> ingress) we may reach the same socket which generated the packet. And we may still be holding its socket lock. The common solution to such deadlocks is to put the packet in the Rx backlog, rather than run the Rx path inline. Do that for all egress -> ingress reversals, not just once we started to nest mirred calls. In the past there was a concern that the backlog indirection will lead to loss of error reporting / less accurate stats. But the current workaround does not seem to address the issue.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description kernel: net/sched: act_mirred: use the backlog for mirred ingress CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:51022024-08-08T00:00:00Z Red Hat Enterprise Linux 8kernel-0:4.18.0-553.16.1.el8_10RHSA-2024:51012024-08-08T00:00:00Z Red Hat…

Description

kernel: net/sched: act_mirred: use the backlog for mirred ingress

CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 8	`kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10`	RHSA-2024:5102	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 8	`kernel-0:4.18.0-553.16.1.el8_10`	RHSA-2024:5101	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-503.11.1.el9_5`	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9	`kernel-0:5.14.0-503.11.1.el9_5`	RHSA-2024:9315	2024-11-12T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support	`kernel-0:5.14.0-427.57.1.el9_4`	RHSA-2025:2270	2025-03-05T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`kernel`	Out of support scope
Red Hat Enterprise Linux 7	`kernel`	Out of support scope
Red Hat Enterprise Linux 7	`kernel-rt`	Out of support scope
Red Hat Enterprise Linux 9	`kernel-rt`	Affected

Apply commands

bash fix

Apply RHSA-2024:5102 for Red Hat Enterprise Linux 8

yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 9	`Affected`

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Mixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`6.7.7-1`
sid	Fixed	`6.7.7-1`
forky	Fixed	`6.7.7-1`
bullseye	Affected	—
bookworm	Affected	—

AlmaLinux Fixed 1 release

Version	Status	Fixed in
8	Fixed	`kernel-doc-4.18.0-553.16.1.el8_10.noarch.rpm`

Red Hat Fixed 2 releases

Version	Status	Fixed in
9	Fixed	—
8	Fixed	—

Rocky Linux Fixed 1 release

Version	Status	Fixed in
8	Fixed	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.