CVE-2024-56694 - Vulnerability Details

- bpf: fix recursive lock when verdict program return SK_PASS

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: fix recursive lock when verdict program return SK_PASS

When the stream_verdict program returns SK_PASS, it places the received skb
into its own receive queue, but a recursive lock eventually occurs, leading
to an operating system deadlock. This issue has been present since v6.9.

'''
sk_psock_strp_data_ready
write_lock_bh(&sk->sk_callback_lock)
strp_data_ready
strp_read_sock
read_sock -> tcp_read_sock
strp_recv
cb.rcv_msg -> sk_psock_strp_read
# now stream_verdict return SK_PASS without peer sock assign
__SK_PASS = sk_psock_map_verd(SK_PASS, NULL)
sk_psock_verdict_apply
sk_psock_skb_ingress_self
sk_psock_skb_ingress_enqueue
sk_psock_data_ready
read_lock_bh(&sk->sk_callback_lock) <= dead lock

'''

This topic has been discussed before, but it has not been fixed.
Previous discussion:
https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch

Published: 2024-12-28

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`c0809c128dad4c3413818384eb06a341633db973`	affected	< 221109ba2127eabd0aa64718543638b58b15df56
`5965bc7535fb87510b724e5465ccc1a1cf00916d`	affected	< 6694f7acd625ed854bf6342926e771d65dad7f69
`39dc9e1442385d6e9be0b6491ee488dddd55ae27`	affected	< 386efa339e08563dd33e83bc951aea5d407fe578
`b397a0ab8582c533ec0c6b732392f141fc364f87`	affected	< da2bc8a0c8f3ac66fdf980fc59936f851a083561
`6648e613226e18897231ab5e42ffc29e63fa3365`	affected	< 01f1b88acfd79103da0610b45471f6c88ea98d72
`6648e613226e18897231ab5e42ffc29e63fa3365`	affected	< f84c5ef6ca23cc2f72f3b830d74f67944684bb05
`6648e613226e18897231ab5e42ffc29e63fa3365`	affected	< 8ca2a1eeadf09862190b2810697702d803ceef2d
`772d5729b5ff0df0d37b32db600ce635b2172f80`	affected	—

Linux

affected

Version	Status	Constraints
`6.9`	affected	—
`0`	unaffected	< 6.9
`5.10.233`	unaffected	≤ 5.10.*
`5.15.174`	unaffected	≤ 5.15.*
`6.1.120`	unaffected	≤ 6.1.*
`6.6.64`	unaffected	≤ 6.6.*
`6.11.11`	unaffected	≤ 6.11.*
`6.12.2`	unaffected	≤ 6.12.*
`6.13`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4075-1	linux security update
Debian DLA	DLA-4076-1	linux-6.1 security update
EUVD	EUVD-2024-53342	In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9. ''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock ''' This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch
Ubuntu USN	USN-7276-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7277-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7310-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7387-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7387-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7387-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7388-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7389-1	Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN	USN-7390-1	Linux kernel (Xilinx ZynqMP) vulnerabilities
Ubuntu USN	USN-7391-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7392-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7392-2	Linux kernel vulnerabilities
Ubuntu USN	USN-7392-3	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7392-4	Linux kernel (AWS FIPS) vulnerabilities
Ubuntu USN	USN-7393-1	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7401-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-7407-1	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7413-1	Linux kernel (IoT) vulnerabilities
Ubuntu USN	USN-7421-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7449-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7449-2	Linux kernel (HWE) vulnerabilities
Ubuntu USN	USN-7450-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7451-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7452-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7453-1	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7458-1	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-7459-1	Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN	USN-7459-2	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-7463-1	Linux kernel (IBM) vulnerabilities
Ubuntu USN	USN-7468-1	Linux kernel (Azure, N-Series) vulnerabilities
Ubuntu USN	USN-7523-1	Linux kernel (Raspberry Pi Real-time) vulnerabilities
Ubuntu USN	USN-7524-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7539-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-7540-1	Linux kernel (Raspberry Pi) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72
https://git.kernel.org/stable/c/221109ba2127eabd0aa64718543638b58b15df56
https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578
https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69
https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d
https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561
https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lore.kernel.org/linux-cve-announce/2024122835-CVE-2024-56694-c701@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-56694
https://www.cve.org/CVERecord?id=CVE-2024-56694

History

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Thu, 19 Jun 2025 13:30:00 +0000

Type	Values Removed	Values Added
References	https://git.kernel.org/stable/c/078f7e1521442a55db4bed812a2fbaf02ac33819

Thu, 13 Feb 2025 00:30:00 +0000

Type	Values Removed	Values Added
Metrics	threat_severity `Low`	threat_severity `Moderate`

Thu, 09 Jan 2025 15:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/078f7e1521442a55db4bed812a2fbaf02ac33819 https://git.kernel.org/stable/c/221109ba2127eabd0aa64718543638b58b15df56

Wed, 08 Jan 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-667
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Mon, 30 Dec 2024 01:30:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2024122835-CVE-2024-56694-c701@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2024-56694 https://www.cve.org/CVERecord?id=CVE-2024-56694
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Sat, 28 Dec 2024 10:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9. ''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock ''' This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch
Title		bpf: fix recursive lock when verdict program return SK_PASS
References		https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72 https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578 https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69 https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561 https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-28T09:46:18.826Z

Updated: 2026-05-11T20:57:26.570Z

Reserved: 2024-12-27T15:00:39.849Z

Link: CVE-2024-56694

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-12-28T10:15:15.203

Modified: 2025-11-03T21:18:20.400

Link: CVE-2024-56694

Redhat

Severity : Moderate

Publid Date: 2024-12-28T00:00:00Z

Links: CVE-2024-56694 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-667

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object