CVE-2024-26781

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc4-syzkaller-00212-g40b9385dd8e6

Description The vulnerability is related to a possible deadlock in the subflow diag of the mptcp component in the Linux kernel. This issue can be exploited to cause a denial of service. The problem arises from a lock dependency chain that can lead to a circular locking dependency, as reported by Syzbot and Eric. The lock dependency chain involves the k-sk lock-AF INET6 and &h->lhash2[i].lock locks. To avoid the deadlock, it is suggested to break the lock dependency chain.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the possible deadlock in the subflow diag of the mptcp component. Specifically, update to a version later than 6.8.0-rc4-syzkaller-00212-g40b9385dd8e6. As a temporary workaround, consider disabling the subflow get info() function until a patch is available.