DEBIAN-CVE-2024-49980

In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. devqueuexmitnit is expected to be called with BH disabled. _devqueuexmit has the following: /* Disable soft irqs for various locks below. Also * stops preemption for RCU. / rcu_read_lock_bh(); VRF must follow this invariant. The referenced commit removed this protection. Which triggered a lockdep warning: ================================ WARNING: inconsistent lock state 6.11.0 #1 Tainted: G W -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, at: tpacket_rcv+0x863/0x3b30 {IN-SOFTIRQ-W} state was registered at: lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 packet_rcv+0xa33/0x1320 __netif_receive_skb_core.constprop.0+0xcb0/0x3a90 __netif_receive_skb_list_core+0x2c9/0x890 netif_receive_skb_list_internal+0x610/0xcc0 [...] other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(rlock-AF_PACKET); <Interrupt> lock(rlock-AF_PACKET); DEADLOCK * Call Trace: <TASK> dumpstacklvl+0x73/0xa0 marklock+0x102e/0x16b0 _lockacquire+0x9ae/0x6170 lockacquire+0x19a/0x4f0 rawspinlock+0x27/0x40 tpacketrcv+0x863/0x3b30 devqueuexmitnit+0x709/0xa40 vrffinishdirect+0x26e/0x340 [vrf] vrfl3out+0x5f4/0xe80 [vrf] _iplocalout+0x51e/0x7a0 [...]