{ "threat_severity" : "Moderate", "public_date" : "2024-06-19T00:00:00Z", "bugzilla" : { "description" : "kernel: mptcp: fix deadlock in __mptcp_push_pending()", "id" : "2293237", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2293237" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-833", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmptcp: fix deadlock in __mptcp_push_pending()\n__mptcp_push_pending() may call mptcp_flush_join_list() with subflow\nsocket lock held. If such call hits mptcp_sockopt_sync_all() then\nsubsequently __mptcp_sockopt_sync() could try to lock the subflow\nsocket for itself, causing a deadlock.\nsysrq: Show Blocked State\ntask:ss-server state:D stack: 0 pid: 938 ppid: 1 flags:0x00000000\nCall Trace:\n\n__schedule+0x2d6/0x10c0\n? __mod_memcg_state+0x4d/0x70\n? csum_partial+0xd/0x20\n? _raw_spin_lock_irqsave+0x26/0x50\nschedule+0x4e/0xc0\n__lock_sock+0x69/0x90\n? do_wait_intr_irq+0xa0/0xa0\n__lock_sock_fast+0x35/0x50\nmptcp_sockopt_sync_all+0x38/0xc0\n__mptcp_push_pending+0x105/0x200\nmptcp_sendmsg+0x466/0x490\nsock_sendmsg+0x57/0x60\n__sys_sendto+0xf0/0x160\n? do_wait_intr_irq+0xa0/0xa0\n? fpregs_restore_userregs+0x12/0xd0\n__x64_sys_sendto+0x20/0x30\ndo_syscall_64+0x38/0x90\nentry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f9ba546c2d0\nRSP: 002b:00007ffdc3b762d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 00007f9ba56c8060 RCX: 00007f9ba546c2d0\nRDX: 000000000000077a RSI: 0000000000e5e180 RDI: 0000000000000234\nRBP: 0000000000cc57f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ba56c8060\nR13: 0000000000b6ba60 R14: 0000000000cc7840 R15: 41d8685b1d7901b8\n\nFix the issue by using __mptcp_flush_join_list() instead of plain\nmptcp_flush_join_list() inside __mptcp_push_pending(), as suggested by\nFlorian. The sockopt sync will be deferred to the workqueue.", "A vulnerability was found in the Linux kernel's mptcp component in the __mptcp_push_pending() function, where a deadlock can occur when calling mptcp_flush_join_list() with the subflow socket lock held. This happens if the synchronization function mptcp_sockopt_sync_all() is invoked, causing the system to hang due to competing locks, this vulnerability can lead to significant disruptions in MultiPath TCP operations." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-05-10T00:00:00Z", "advisory" : "RHSA-2022:1975", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-05-10T00:00:00Z", "advisory" : "RHSA-2022:1988", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-372.9.1.el8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-47590\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47590\nhttps://lore.kernel.org/linux-cve-announce/2024061919-CVE-2021-47590-6db0@gregkh/T" ], "name" : "CVE-2021-47590", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }