CVE-2024-49980

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-49980
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49980.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-49980
Downstream
Related
Published
2024-10-21T18:02:26.494Z
Modified
2025-11-20T06:46:02.308500Z
Summary
vrf: revert "vrf: Remove unnecessary RCU-bh critical section"
Details

In the Linux kernel, the following vulnerability has been resolved:

vrf: revert "vrf: Remove unnecessary RCU-bh critical section"

This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853.

devqueuexmitnit is expected to be called with BH disabled. _devqueuexmit has the following:

    /* Disable soft irqs for various locks below. Also
     * stops preemption for RCU.
     */
    rcu_read_lock_bh();

VRF must follow this invariant. The referenced commit removed this protection. Which triggered a lockdep warning:

================================
WARNING: inconsistent lock state
6.11.0 #1 Tainted: G        W
--------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes:
ffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, at: tpacket_rcv+0x863/0x3b30
{IN-SOFTIRQ-W} state was registered at:
  lock_acquire+0x19a/0x4f0
  _raw_spin_lock+0x27/0x40
  packet_rcv+0xa33/0x1320
  __netif_receive_skb_core.constprop.0+0xcb0/0x3a90
  __netif_receive_skb_list_core+0x2c9/0x890
  netif_receive_skb_list_internal+0x610/0xcc0
      [...]

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(rlock-AF_PACKET);
  <Interrupt>
    lock(rlock-AF_PACKET);

 *** DEADLOCK ***

Call Trace:
 <TASK>
 dump_stack_lvl+0x73/0xa0
 mark_lock+0x102e/0x16b0
 __lock_acquire+0x9ae/0x6170
 lock_acquire+0x19a/0x4f0
 _raw_spin_lock+0x27/0x40
 tpacket_rcv+0x863/0x3b30
 dev_queue_xmit_nit+0x709/0xa40
 vrf_finish_direct+0x26e/0x340 [vrf]
 vrf_l3_out+0x5f4/0xe80 [vrf]
 __ip_local_out+0x51e/0x7a0
      [...]
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
504fc6f4f7f681d2a03aa5f68aad549d90eab853
Fixed
718a752bd746b3f4dd62516bb437baf73d548415
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
504fc6f4f7f681d2a03aa5f68aad549d90eab853
Fixed
8c9381b3138246d46536db93ed696832abd70204
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
504fc6f4f7f681d2a03aa5f68aad549d90eab853
Fixed
e61f8c4d179b2ffc0d3b7f821c3734be738643d0
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
504fc6f4f7f681d2a03aa5f68aad549d90eab853
Fixed
b04c4d9eb4f25b950b33218e33b04c94e7445e51

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.10.1
v6.10.10
v6.10.11
v6.10.12
v6.10.13
v6.10.2
v6.10.3
v6.10.4
v6.10.5
v6.10.6
v6.10.7
v6.10.8
v6.10.9
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.11.1
v6.11.2
v6.5
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/net/vrf.c",
            "function": "vrf_finish_direct"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e61f8c4d179b2ffc0d3b7f821c3734be738643d0",
        "digest": {
            "length": 405.0,
            "function_hash": "85499833027340281613309228398807789011"
        },
        "id": "CVE-2024-49980-2706d69b"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "drivers/net/vrf.c"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b04c4d9eb4f25b950b33218e33b04c94e7445e51",
        "digest": {
            "line_hashes": [
                "207310754144195582065725100477467812852",
                "161619645284396379752191193676965364993",
                "271968995845619812938416041913522369527",
                "216300217234786846959220552660461827985"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2024-49980-43e11853"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/net/vrf.c",
            "function": "vrf_finish_direct"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b04c4d9eb4f25b950b33218e33b04c94e7445e51",
        "digest": {
            "length": 405.0,
            "function_hash": "85499833027340281613309228398807789011"
        },
        "id": "CVE-2024-49980-525656ba"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "drivers/net/vrf.c"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c9381b3138246d46536db93ed696832abd70204",
        "digest": {
            "line_hashes": [
                "207310754144195582065725100477467812852",
                "161619645284396379752191193676965364993",
                "271968995845619812938416041913522369527",
                "216300217234786846959220552660461827985"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2024-49980-8841798f"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "drivers/net/vrf.c",
            "function": "vrf_finish_direct"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8c9381b3138246d46536db93ed696832abd70204",
        "digest": {
            "length": 405.0,
            "function_hash": "85499833027340281613309228398807789011"
        },
        "id": "CVE-2024-49980-d4fd8e22"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "drivers/net/vrf.c"
        },
        "signature_version": "v1",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e61f8c4d179b2ffc0d3b7f821c3734be738643d0",
        "digest": {
            "line_hashes": [
                "207310754144195582065725100477467812852",
                "161619645284396379752191193676965364993",
                "271968995845619812938416041913522369527",
                "216300217234786846959220552660461827985"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2024-49980-d870aa90"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.0
Fixed
6.6.55
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.14
Type
ECOSYSTEM
Events
Introduced
6.11.0
Fixed
6.11.3