DEBIAN-CVE-2024-49980

In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. devqueuexmit_nit is expected to be called with BH disabled. __devqueuexmit has the following: /* Disable soft irqs for various locks below. Also * stops preemption for RCU. */ rcureadlockbh(); VRF must follow this invariant. The referenced commit removed this protection. Which triggered a lockdep warning: ================================ WARNING: inconsistent lock state 6.11.0 #1 Tainted: G W -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff8882da30c118 (rlock-AFPACKET){+.?.}-{2:2}, at: tpacketrcv+0x863/0x3b30 {IN-SOFTIRQ-W} state was registered at: lockacquire+0x19a/0x4f0 rawspinlock+0x27/0x40 packetrcv+0xa33/0x1320 __netifreceiveskb_core.constprop.0+0xcb0/0x3a90 __netifreceiveskb_listcore+0x2c9/0x890 netifreceiveskblistinternal+0x610/0xcc0 [...] other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(rlock-AFPACKET); <Interrupt> lock(rlock-AFPACKET); *** DEADLOCK *** Call Trace: <TASK> dumpstacklvl+0x73/0xa0 marklock+0x102e/0x16b0 __lockacquire+0x9ae/0x6170 lockacquire+0x19a/0x4f0 rawspin_lock+0x27/0x40 tpacketrcv+0x863/0x3b30 devqueuexmitnit+0x709/0xa40 vrffinishdirect+0x26e/0x340 [vrf] vrfl3out+0x5f4/0xe80 [vrf] __iplocalout+0x51e/0x7a0 [...]