{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-35895","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-17T13:50:33.113Z","datePublished":"2024-05-19T08:34:50.276Z","dateUpdated":"2026-05-12T11:52:30.641Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:13:19.610Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Prevent lock inversion deadlock in map delete elem\n\nsyzkaller started using corpuses where a BPF tracing program deletes\nelements from a sockmap/sockhash map. Because BPF tracing programs can be\ninvoked from any interrupt context, locks taken during a map_delete_elem\noperation must be hardirq-safe. Otherwise a deadlock due to lock inversion\nis possible, as reported by lockdep:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(&htab->buckets[i].lock);\n                               local_irq_disable();\n                               lock(&host->lock);\n                               lock(&htab->buckets[i].lock);\n  <Interrupt>\n    lock(&host->lock);\n\nLocks in sockmap are hardirq-unsafe by design. We expect elements to be\ndeleted from sockmap/sockhash only in task (normal) context with interrupts\nenabled, or in softirq context.\n\nDetect when map_delete_elem operation is invoked from a context which is\n_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an\nerror.\n\nNote that map updates are not affected by this issue. 
BPF verifier does not\nallow updating sockmap/sockhash from a BPF tracing program today."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/core/sock_map.c"],"versions":[{"version":"604326b41a6fb9b4a78b6179335decee0365cd8c","lessThan":"f7990498b05ac41f7d6a190dc0418ef1d21bf058","status":"affected","versionType":"git"},{"version":"604326b41a6fb9b4a78b6179335decee0365cd8c","lessThan":"dd54b48db0c822ae7b520bc80751f0a0a173ef75","status":"affected","versionType":"git"},{"version":"604326b41a6fb9b4a78b6179335decee0365cd8c","lessThan":"d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec","status":"affected","versionType":"git"},{"version":"604326b41a6fb9b4a78b6179335decee0365cd8c","lessThan":"a44770fed86515eedb5a7c00b787f847ebb134a5","status":"affected","versionType":"git"},{"version":"604326b41a6fb9b4a78b6179335decee0365cd8c","lessThan":"668b3074aa14829e2ac2759799537a93b60fef86","status":"affected","versionType":"git"},{"version":"604326b41a6fb9b4a78b6179335decee0365cd8c","lessThan":"6af057ccdd8e7619960aca1f0428339f213b31cd","status":"affected","versionType":"git"},{"version":"604326b41a6fb9b4a78b6179335decee0365cd8c","lessThan":"ff91059932401894e6c86341915615c5eb0eca48","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/core/sock_map.c"],"versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","status":"unaffected","versionType":"semver"},{"version":"5.4.274","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.215","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.154","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.85","lessThanOrEqual":"6.1.*","status":"unaffected","ver
sionType":"semver"},{"version":"6.6.26","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.5","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.10.215"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.15.154"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.1.85"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.6.26"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.8.5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058"},{"url":"https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75"},{"url":"https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec"},{"url":"https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5"},{"url":"https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86"},{"url":"https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd"},{"url":"https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48"}],"title":"bpf, sockmap: Prevent lock 
inversion deadlock in map delete elem","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-35895","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-23T19:25:39.256006Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:34:48.419Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:21:48.577Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]}]},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T11:52:30.641Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux 
subsystem","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}]}]},"dataVersion":"5.2"}