CVE-2024-54683
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-54683
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-54683.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-54683
- Downstream
- Related
- Published
- 2025-01-11T13:15:27Z
- Modified
- 2025-08-09T19:01:26Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netfilter: IDLETIMER: Fix for possible ABBA deadlock
Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs:
| ====================================================== | WARNING: possible circular locking dependency detected | 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted | ------------------------------------------------------ | iptables/3303 is trying to acquire lock: | ffff8881057e04b8 (kn->active#48){++++}-{0:0}, at: _kernfsremove+0x20 | | but task is already holding lock: | ffffffffa0249068 (listmutex){+.+.}-{3:3}, at: idletimertgdestroyv] | | which lock already depends on the new lock.
A simple reproducer is:
| #!/bin/bash | | while true; do | iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label "testme" | iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label "testme" | done & | while true; do | cat /sys/class/xt_idletimer/timers/testme >/dev/null | done
Avoid this by freeing list_mutex right after deleting the element from the list, then continuing with the teardown.
- References