{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-26781","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.177Z","datePublished":"2024-04-04T08:20:15.775Z","dateUpdated":"2026-05-11T20:04:03.326Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:04:03.326Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix possible deadlock in subflow diag\n\nSyzbot and Eric reported a lockdep splat in the subflow diag:\n\n   WARNING: possible circular locking dependency detected\n   6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted\n\n   syz-executor.2/24141 is trying to acquire lock:\n   ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:\n   tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]\n   ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:\n   tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137\n\n   but task is already holding lock:\n   ffffc9000135e488 (&h->lhash2[i].lock){+.+.}-{2:2}, at: spin_lock\n   include/linux/spinlock.h:351 [inline]\n   ffffc9000135e488 (&h->lhash2[i].lock){+.+.}-{2:2}, at:\n   inet_diag_dump_icsk+0x39f/0x1f80 net/ipv4/inet_diag.c:1038\n\n   which lock already depends on the new lock.\n\n   the existing dependency chain (in reverse order) is:\n\n   -> #1 (&h->lhash2[i].lock){+.+.}-{2:2}:\n   lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n   __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]\n   _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154\n   spin_lock include/linux/spinlock.h:351 [inline]\n   __inet_hash+0x335/0xbe0 net/ipv4/inet_hashtables.c:743\n   inet_csk_listen_start+0x23a/0x320 net/ipv4/inet_connection_sock.c:1261\n   __inet_listen_sk+0x2a2/0x770 net/ipv4/af_inet.c:217\n   inet_listen+0xa3/0x110 net/ipv4/af_inet.c:239\n   rds_tcp_listen_init+0x3fd/0x5a0 net/rds/tcp_listen.c:316\n   rds_tcp_init_net+0x141/0x320 net/rds/tcp.c:577\n   ops_init+0x352/0x610 net/core/net_namespace.c:136\n   __register_pernet_operations net/core/net_namespace.c:1214 [inline]\n   register_pernet_operations+0x2cb/0x660 net/core/net_namespace.c:1283\n   register_pernet_device+0x33/0x80 net/core/net_namespace.c:1370\n   rds_tcp_init+0x62/0xd0 net/rds/tcp.c:735\n   do_one_initcall+0x238/0x830 init/main.c:1236\n   do_initcall_level+0x157/0x210 init/main.c:1298\n   do_initcalls+0x3f/0x80 init/main.c:1314\n   kernel_init_freeable+0x42f/0x5d0 init/main.c:1551\n   kernel_init+0x1d/0x2a0 init/main.c:1441\n   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242\n\n   -> #0 (k-sk_lock-AF_INET6){+.+.}-{0:0}:\n   check_prev_add kernel/locking/lockdep.c:3134 [inline]\n   check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n   validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869\n   __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137\n   lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n   lock_sock_fast include/net/sock.h:1723 [inline]\n   subflow_get_info+0x166/0xd20 net/mptcp/diag.c:28\n   tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]\n   tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137\n   inet_sk_diag_fill+0x10ed/0x1e00 net/ipv4/inet_diag.c:345\n   inet_diag_dump_icsk+0x55b/0x1f80 net/ipv4/inet_diag.c:1061\n   __inet_diag_dump+0x211/0x3a0 net/ipv4/inet_diag.c:1263\n   inet_diag_dump_compat+0x1c1/0x2d0 net/ipv4/inet_diag.c:1371\n   netlink_dump+0x59b/0xc80 net/netlink/af_netlink.c:2264\n   __netlink_dump_start+0x5df/0x790 net/netlink/af_netlink.c:2370\n   netlink_dump_start include/linux/netlink.h:338 [inline]\n   inet_diag_rcv_msg_compat+0x209/0x4c0 net/ipv4/inet_diag.c:1405\n   sock_diag_rcv_msg+0xe7/0x410\n   netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n   sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280\n   netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n   netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n   netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n   sock_sendmsg_nosec net/socket.c:730 [inline]\n   __sock_sendmsg+0x221/0x270 net/socket.c:745\n   ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n   ___sys_sendmsg net/socket.c:2638 [inline]\n   __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n   do_syscall_64+0xf9/0x240\n   entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nAs noted by Eric we can break the lock dependency chain avoid\ndumping \n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mptcp/diag.c"],"versions":[{"version":"8affdbb3e2ef6b6a3a467b87dc336dc601dc2ed9","lessThan":"70e5b013538d5e4cb421afed431a5fcd2a5d49ee","status":"affected","versionType":"git"},{"version":"7d6e8d7ee13b876e762b11f4ec210876ab7aec84","lessThan":"cc32ba2fdf3f8b136619fff551f166ba51ec856d","status":"affected","versionType":"git"},{"version":"71787c665d09a970b9280c285181d3a2d1bf3bb0","lessThan":"f27d319df055629480b84b9288a502337b6f2a2e","status":"affected","versionType":"git"},{"version":"e074c8297ee421e7ff352404262fe0e042954ab7","lessThan":"fa8c776f4c323a9fbc8ddf25edcb962083391430","status":"affected","versionType":"git"},{"version":"298ac00da8e6bc2dcd690b45108acbd944c347d3","lessThan":"d487e7ba1bc7444d5f062c4930ef8436c47c7e63","status":"affected","versionType":"git"},{"version":"b8adb69a7d29c2d33eb327bca66476fb6066516b","lessThan":"d6a9608af9a75d13243d217f6ce1e30e57d56ffe","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/mptcp/diag.c"],"versions":[{"version":"5.10.211","lessThan":"5.10.212","status":"affected","versionType":"semver"},{"version":"5.15.150","lessThan":"5.15.151","status":"affected","versionType":"semver"},{"version":"6.1.80","lessThan":"6.1.81","status":"affected","versionType":"semver"},{"version":"6.6.19","lessThan":"6.6.21","status":"affected","versionType":"semver"},{"version":"6.7.7","lessThan":"6.7.9","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.211","versionEndExcluding":"5.10.212"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.150","versionEndExcluding":"5.15.151"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.80","versionEndExcluding":"6.1.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.19","versionEndExcluding":"6.6.21"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.7","versionEndExcluding":"6.7.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/70e5b013538d5e4cb421afed431a5fcd2a5d49ee"},{"url":"https://git.kernel.org/stable/c/cc32ba2fdf3f8b136619fff551f166ba51ec856d"},{"url":"https://git.kernel.org/stable/c/f27d319df055629480b84b9288a502337b6f2a2e"},{"url":"https://git.kernel.org/stable/c/fa8c776f4c323a9fbc8ddf25edcb962083391430"},{"url":"https://git.kernel.org/stable/c/d487e7ba1bc7444d5f062c4930ef8436c47c7e63"},{"url":"https://git.kernel.org/stable/c/d6a9608af9a75d13243d217f6ce1e30e57d56ffe"}],"title":"mptcp: fix possible deadlock in subflow diag","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26781","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-04-04T15:25:28.472646Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:49:22.582Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:14:13.451Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/70e5b013538d5e4cb421afed431a5fcd2a5d49ee","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/cc32ba2fdf3f8b136619fff551f166ba51ec856d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f27d319df055629480b84b9288a502337b6f2a2e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fa8c776f4c323a9fbc8ddf25edcb962083391430","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d487e7ba1bc7444d5f062c4930ef8436c47c7e63","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d6a9608af9a75d13243d217f6ce1e30e57d56ffe","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]}]}]},"dataVersion":"5.2"}