Alma Linux: CVE-2024-27010: Important: kernel security update (Multiple Advisories)

Alma Linux: CVE-2024-27010: Important: kernel security update (Multiple Advisories)

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

05/01/2024

Created

08/13/2024

Added

08/12/2024

Modified

01/28/2025

Description

In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [..... other info removed for brevity....] [ 82.890906] [ 82.890906] ============================================ [ 82.890906] WARNING: possible recursive locking detected [ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: GW [ 82.890906] -------------------------------------------- [ 82.890906] ping/418 is trying to acquire lock: [ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at: __dev_queue_xmit+0x1778/0x3550 [ 82.890906] [ 82.890906] but task is already holding lock: [ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at: __dev_queue_xmit+0x1778/0x3550 [ 82.890906] [ 82.890906] other info that might help us debug this: [ 82.890906]Possible unsafe locking scenario: [ 82.890906] [ 82.890906]CPU0 [ 82.890906]---- [ 82.890906] lock(&sch->q.lock); [ 82.890906] lock(&sch->q.lock); [ 82.890906] [ 82.890906]*** DEADLOCK *** [ 82.890906] [..... other info removed for brevity....] Example setup (eth0->eth0) to recreate tc qdisc add dev eth0 root handle 1: htb default 30 tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth0 Another example(eth0->eth1->eth0) to recreate tc qdisc add dev eth0 root handle 1: htb default 30 tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth1 tc qdisc add dev eth1 root handle 1: htb default 30 tc filter add dev eth1 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth0 We fix this by adding an owner field (CPU id) to struct Qdisc set after root qdisc is entered. When the softirq enters it a second time, if the qdisc owner is the same CPU, the packet is dropped to break the loop.

Solution(s)

• alma-upgrade-bpftool
• alma-upgrade-kernel
• alma-upgrade-kernel-abi-stablelists
• alma-upgrade-kernel-core
• alma-upgrade-kernel-cross-headers
• alma-upgrade-kernel-debug
• alma-upgrade-kernel-debug-core
• alma-upgrade-kernel-debug-devel
• alma-upgrade-kernel-debug-modules
• alma-upgrade-kernel-debug-modules-extra
• alma-upgrade-kernel-devel
• alma-upgrade-kernel-doc
• alma-upgrade-kernel-headers
• alma-upgrade-kernel-modules
• alma-upgrade-kernel-modules-extra
• alma-upgrade-kernel-rt
• alma-upgrade-kernel-rt-core
• alma-upgrade-kernel-rt-debug
• alma-upgrade-kernel-rt-debug-core
• alma-upgrade-kernel-rt-debug-devel
• alma-upgrade-kernel-rt-debug-kvm
• alma-upgrade-kernel-rt-debug-modules
• alma-upgrade-kernel-rt-debug-modules-extra
• alma-upgrade-kernel-rt-devel
• alma-upgrade-kernel-rt-kvm
• alma-upgrade-kernel-rt-modules
• alma-upgrade-kernel-rt-modules-extra
• alma-upgrade-kernel-tools
• alma-upgrade-kernel-tools-libs
• alma-upgrade-kernel-tools-libs-devel
• alma-upgrade-kernel-zfcpdump
• alma-upgrade-kernel-zfcpdump-core
• alma-upgrade-kernel-zfcpdump-devel
• alma-upgrade-kernel-zfcpdump-modules
• alma-upgrade-kernel-zfcpdump-modules-extra
• alma-upgrade-perf
• alma-upgrade-python3-perf

References

• https://attackerkb.com/topics/cve-2024-27010
• CVE - 2024-27010
• https://errata.almalinux.org/8/ALSA-2024-5101.html
• https://errata.almalinux.org/8/ALSA-2024-5102.html