{
  "threat_severity" : "Moderate",
  "public_date" : "2024-05-19T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem",
    "id" : "2281677",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2281677"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nbpf, sockmap: Prevent lock inversion deadlock in map delete elem\nsyzkaller started using corpuses where a BPF tracing program deletes\nelements from a sockmap/sockhash map. Because BPF tracing programs can be\ninvoked from any interrupt context, locks taken during a map_delete_elem\noperation must be hardirq-safe. Otherwise a deadlock due to lock inversion\nis possible, as reported by lockdep:\nCPU0                    CPU1\n----                    ----\nlock(&htab->buckets[i].lock);\nlocal_irq_disable();\nlock(&host->lock);\nlock(&htab->buckets[i].lock);\n<Interrupt>\nlock(&host->lock);\nLocks in sockmap are hardirq-unsafe by design. We expects elements to be\ndeleted from sockmap/sockhash only in task (normal) context with interrupts\nenabled, or in softirq context.\nDetect when map_delete_elem operation is invoked from a context which is\n_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an\nerror.\nNote that map updates are not affected by this issue. BPF verifier does not\nallow updating sockmap/sockhash from a BPF tracing program today.", "CVE-2024-35895 addresses a vulnerability in the Linux kernel's Berkeley Packet Filter (BPF) subsystem, specifically within the sockmap feature. The issue arises when BPF tracing programs, which can execute in various interrupt contexts, attempt to delete elements from sockmap or sockhash maps. This operation involves acquiring locks that are not safe for use in hard interrupt contexts, leading to potential deadlocks due to lock inversion.\nBPF tracing programs may delete elements from sockmap/sockhash maps while running in interrupt contexts where the required locks are not hardirq-safe, causing possible deadlocks.\nSystem hangs or crashes due to deadlocks when deleting elements from sockmap/sockhash maps in inappropriate contexts." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:6997",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.37.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-09-24T00:00:00Z",
    "advisory" : "RHSA-2024:6997",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-427.37.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-09-04T00:00:00Z",
    "advisory" : "RHSA-2024:6267",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "kernel-0:5.14.0-284.82.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2024-09-04T00:00:00Z",
    "advisory" : "RHSA-2024:6268",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.82.1.rt14.367.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-35895\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35895\nhttps://lore.kernel.org/linux-cve-announce/2024051950-CVE-2024-35895-cb33@gregkh/T" ],
  "name" : "CVE-2024-35895",
  "csaw" : false
}