PT-2025-9952 · Linux+7 · Linux Kernel+7
Published: 2025-01-03 · Updated: 2026-04-20 · CVE-2024-58071
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to the fixed version
Description
A vulnerability in the Linux kernel can lead to recursive locking when a device that is already a team device lower is added to a team. Such a configuration is not useful in practice and can cause a deadlock. The vulnerability occurs when a device is added to a team while it is already a lower device of another team member, for example when veth0 is added to a team while veth0 is already a lower device of vlan1, which is a team member. This can happen when the ip link add and ip link set commands are used to configure network devices.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability.
As a temporary workaround, consider avoiding the addition of devices that are already team device lowers to prevent recursive locking.
Restrict access to the team device event function to minimize the risk of exploitation until a patch is available.
Avoid using the team add slave function with devices that are already team device lowers until the issue is resolved.
Exploit
Fix
Improper Locking
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
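
The workaround under Recommendations (not adding a device that is already a team device lower) can be checked before a device is enslaved. The following is an added example, not code from this advisory or from the kernel fix; it assumes sysfs exposes device stacking as upper_<name> entries, and has_upper, check_team_port, team0 and veth0 are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumes the kernel exposes device
# stacking as upper_<name> entries under /sys/class/net/<dev>/.

# has_upper DEV TARGET [ROOT]
# Succeeds when TARGET is a direct or indirect upper device of DEV.
has_upper() {
    target=$2
    root=${3:-/sys/class/net}
    queue=$1          # space-separated worklist of devices still to visit
    seen=" "          # visited set, guards against loops in a malformed tree
    while [ -n "$queue" ]; do
        cur=${queue%% *}
        case $queue in
            *" "*) queue=${queue#* } ;;
            *)     queue= ;;
        esac
        case $seen in *" $cur "*) continue ;; esac
        seen="$seen$cur "
        for link in "$root/$cur"/upper_*; do
            # An unmatched glob stays literal and fails both tests.
            [ -e "$link" ] || [ -L "$link" ] || continue
            up=${link##*/}
            up=${up#upper_}
            [ "$up" = "$target" ] && return 0
            queue="${queue:+$queue }$up"
        done
    done
    return 1
}

# check_team_port DEV TEAM [ROOT]
# Returns 0 when DEV is not already a lower device of TEAM, 1 otherwise.
check_team_port() {
    if has_upper "$1" "$2" "${3:-/sys/class/net}"; then
        echo "refusing: $1 is already a lower device of $2" >&2
        return 1
    fi
    return 0
}

# Usage (team0 and veth0 are placeholder names):
#   check_team_port veth0 team0 && ip link set veth0 master team0
```

The check only gates configuration scripts that call it; updating to a fixed kernel remains the resolution.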