PT-2024-21490 · Linux+1 · Linux Kernel+1

Published: 2024-02-08 · Updated: 2025-09-29

CVE-2024-26725

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.8.0-rc2jiri+

Description

The issue is a possible deadlock during a netlink dump operation. The netlink_dump_start() function calls control->start(cb) with nlk->cb_mutex held, and in control->start(cb), dpll_lock is taken. Then nlk->cb_mutex is released and taken again in netlink_dump(), while dpll_lock is still being held. This leads to an ABBA deadlock when another CPU races with the same operation.

Recommendations

To resolve the issue, move the taking of dpll_lock into the dumpit() callback, which ensures the correct lock-taking order. This fix is applicable to all affected versions of the Linux kernel prior to 6.8.0-rc2jiri+.
As a temporary workaround, consider disabling the dpll lock dumpit() function until a patch is available. However, this may have unintended consequences and should be used with caution.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
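
The lock ordering described above can be checked mechanically. The following is an added example, not kernel code and not part of the advisory: a minimal lockdep-style order checker run over a constructed model of the dump path before and after the fix. The lock ids, the `pre_fix`/`post_fix` sequences and the point at which the pre-fix path drops the dpll lock are assumptions that reduce each path to its acquire/release order.

```c
#include <stdio.h>

/* Constructed model of the two locks named in the description. */
enum { CB_MUTEX = 1, DPLL_LOCK = 2, NLOCKS = 3 };

/* Acquire/release order per path: +id takes a lock, -id drops it. */
static const int pre_fix[] = {
    +CB_MUTEX, +DPLL_LOCK,  /* dump start: control->start(cb) takes dpll lock */
    -CB_MUTEX,              /* cb mutex dropped, dpll lock still held */
    +CB_MUTEX, -CB_MUTEX,   /* netlink dump retakes cb mutex */
    -DPLL_LOCK,             /* assumed: dropped once the dump finishes */
};
static const int post_fix[] = {
    +CB_MUTEX, -CB_MUTEX,   /* dump start: start() takes no dpll lock */
    +CB_MUTEX, +DPLL_LOCK,  /* netlink dump: dumpit() takes dpll lock */
    -DPLL_LOCK, -CB_MUTEX,
};

/* Lockdep-style check: returns 1 if the path takes two locks in both orders. */
static int has_order_inversion(const int *ops, int n)
{
    int held[NLOCKS] = {0};
    int before[NLOCKS][NLOCKS] = {{0}};  /* before[a][b]: b taken while a held */
    int inversion = 0;

    for (int i = 0; i < n; i++) {
        if (ops[i] < 0) {
            held[-ops[i]] = 0;
            continue;
        }
        int l = ops[i];
        for (int h = 1; h < NLOCKS; h++) {
            if (!held[h] || h == l)
                continue;
            if (before[l][h])
                inversion = 1;   /* h is also taken under l elsewhere: ABBA */
            before[h][l] = 1;
        }
        held[l] = 1;
    }
    return inversion;
}

int main(void)
{
    printf("pre-fix inversion:  %d\n", has_order_inversion(pre_fix, 6));
    printf("post-fix inversion: %d\n", has_order_inversion(post_fix, 6));
    return 0;
}
```

The pre-fix sequence records both cb_mutex → dpll_lock and dpll_lock → cb_mutex, which is the pair of orders two racing CPUs can deadlock on; the post-fix sequence records only cb_mutex → dpll_lock.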

Exploit

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2025-04398
CVE-2024-26725
INFSA-2024_9315
RHSA-2024:9315
RHSA-2024_9315

Affected Products

Linux Kernel
Red Hat