Linux · Linux Kernel · CVE-2024-54683
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.74
**Description**
A possible ABBA deadlock has been identified in the netfilter IDLETIMER module of the Linux kernel. It occurs when the last rule referencing a given idletimer is deleted while that idletimer's sysfs file is being read, producing a possible circular locking dependency. A simple reproducer for this issue is provided, demonstrating how the deadlock can occur. The fix releases `list_mutex` immediately after deleting the element from the list and then continues with the teardown.
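The lock ordering described above can be checked with a small order-tracking model; this is an added userspace example, not kernel code or the upstream patch. It assumes the sysfs read path holds a reference on the file before taking the list mutex, and that file removal must wait for that reference; all names in it are illustrative.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed model; lock names are illustrative, not kernel symbols. */
enum { LIST_MUTEX, SYSFS_FILE, NLOCKS };

struct order_log {
    bool held[NLOCKS];            /* locks held by the running path */
    bool before[NLOCKS][NLOCKS];  /* before[a][b]: b was taken while a was held */
    bool inversion;               /* both a->b and b->a have been seen */
};

static void acquire(struct order_log *ol, int l)
{
    for (int h = 0; h < NLOCKS; h++)
        if (ol->held[h] && h != l) {
            ol->before[h][l] = true;
            if (ol->before[l][h]) ol->inversion = true;
        }
    ol->held[l] = true;
}
static void release(struct order_log *ol, int l) { ol->held[l] = false; }

/* Assumed read path: file reference first, then the list mutex. */
static void sysfs_read(struct order_log *ol)
{
    acquire(ol, SYSFS_FILE); acquire(ol, LIST_MUTEX);
    release(ol, LIST_MUTEX); release(ol, SYSFS_FILE);
}

/* Last-rule teardown; fixed=true drops the mutex right after the unlink. */
static void rule_destroy(struct order_log *ol, bool fixed)
{
    acquire(ol, LIST_MUTEX);              /* unlink the timer from the list */
    if (fixed) release(ol, LIST_MUTEX);
    acquire(ol, SYSFS_FILE);              /* file removal waits for readers */
    release(ol, SYSFS_FILE);
    if (!fixed) release(ol, LIST_MUTEX);
}

bool has_abba(bool fixed)
{
    struct order_log ol = {0};
    sysfs_read(&ol);
    rule_destroy(&ol, fixed);
    return ol.inversion;
}

int main(void)
{
    printf("ABBA before fix: %d, after fix: %d\n", has_abba(false), has_abba(true));
}
```

With the mutex held across file removal, the two paths record opposite orderings; once the mutex is dropped right after the unlink, teardown never holds both at once.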
**Recommendations**
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the vulnerability. As a temporary workaround, consider avoiding deleting idletimer rules while their sysfs files are being read, to minimize the risk of deadlock.