CVE-2024-56703

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to soft lockups in the Linux kernel's IPv6 route handling, specifically in the fib6 select path function. This occurs when the nodes of the linked list are unexpectedly deleted concurrently on a different core, resulting in an infinite loop and a soft lockup that triggers a system panic via the watchdog timer. The problem arises in a highly dynamic environment where Linux-based edge routers continuously update BGP-advertised routes due to frequently changing nexthop destinations. To resolve the issue, RCU primitives are applied in the problematic code sections, and references to fib6 siblings are updated to annotate or use the RCU APIs.

Recommendations Apply RCU primitives in the problematic code sections to resolve the issue. Update the references to fib6 siblings to annotate or use the RCU APIs. As a temporary workaround, consider disabling the fib6 select path function until a patch is available. Restrict access to the vulnerable fib6 select path function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.