PT-2025-3061 · Linux+5 · Linux Kernel+5
Pablo Neira Ayuso +2 · Published 2024-12-06 · Updated 2026-05-26 · CVE-2024-54683
CVSS v4.0: 5.7 (Medium)
Vector: AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A possible ABBA deadlock has been identified in the Linux kernel's netfilter IDLETIMER module. It occurs when the last rule referencing a given idletimer is deleted at the same time as that idletimer's file in sysfs is read, resulting in a possible circular locking dependency. A simple reproducer for this issue is provided, demonstrating how the deadlock can occur. The vulnerability is resolved by releasing the list mutex immediately after deleting the element from the list and then continuing with the teardown.
Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the vulnerability. As a temporary workaround, consider avoiding the simultaneous deletion and reading of idletimer rules to minimize the risk of deadlock.
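The lock ordering from the Description, as an added example: a constructed userspace model, not kernel code and not taken from the fix, that records which lock class is acquired while another is held on the sysfs read path and on rule teardown, before and after the fix. All names (`LIST_MUTEX`, `SYSFS_ACTIVE`, `abba_possible` and the other functions) are hypothetical, and modelling the second lock as the sysfs file's active reference, which file removal has to drain, is an assumption not stated on this page.

```c
#include <stdbool.h>

/* Constructed model: two lock classes with hypothetical names. */
enum lock_class { LIST_MUTEX, SYSFS_ACTIVE, NCLASS };

struct order_graph {
    bool held[NCLASS];          /* classes the current code path holds */
    bool edge[NCLASS][NCLASS];  /* edge[a][b]: b was acquired while a was held */
};

static void acquire(struct order_graph *g, enum lock_class c)
{
    for (int a = 0; a < NCLASS; a++)
        if (g->held[a])
            g->edge[a][c] = true;   /* remember the order a -> c */
    g->held[c] = true;
}

static void release(struct order_graph *g, enum lock_class c) { g->held[c] = false; }

/* Read of the idletimer's sysfs file: the file is pinned (assumption: an
 * active reference) while the handler takes the list mutex to find the timer. */
static void sysfs_show(struct order_graph *g)
{
    acquire(g, SYSFS_ACTIVE);
    acquire(g, LIST_MUTEX);
    release(g, LIST_MUTEX);
    release(g, SYSFS_ACTIVE);
}

/* Deletion of the last rule. fixed == true releases the list mutex right
 * after the list removal, before the rest of the teardown. */
static void destroy_last_rule(struct order_graph *g, bool fixed)
{
    acquire(g, LIST_MUTEX);         /* element is removed from the list here */
    if (fixed)
        release(g, LIST_MUTEX);
    acquire(g, SYSFS_ACTIVE);       /* file removal waits for active readers */
    release(g, SYSFS_ACTIVE);
    if (!fixed)
        release(g, LIST_MUTEX);
}

/* True when both acquisition orders were recorded, i.e. an ABBA cycle exists. */
bool abba_possible(bool fixed)
{
    struct order_graph g = {0};
    sysfs_show(&g);
    destroy_last_rule(&g, fixed);
    return g.edge[LIST_MUTEX][SYSFS_ACTIVE] && g.edge[SYSFS_ACTIVE][LIST_MUTEX];
}
```

`abba_possible(false)` reports the cycle for the pre-fix ordering; `abba_possible(true)` reports none, because the teardown path no longer holds the list mutex while it waits on the file.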
Exploit
Fix
Improper Locking
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu