{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-38589","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-06-18T19:36:34.930Z","datePublished":"2024-06-19T13:45:41.258Z","dateUpdated":"2025-11-04T17:21:39.426Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:14:45.628Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n        __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n        _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n        spin_lock_bh include/linux/spinlock.h:356 [inline]\n        nr_remove_node net/netrom/nr_route.c:299 [inline]\n        nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n        nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n        sock_do_ioctl+0x158/0x460 net/socket.c:1222\n        sock_ioctl+0x629/0x8e0 net/socket.c:1341\n        vfs_ioctl fs/ioctl.c:51 [inline]\n        __do_sys_ioctl fs/ioctl.c:904 [inline]\n        __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n        check_prev_add kernel/locking/lockdep.c:3134 [inline]\n        check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n        validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n        __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n        __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n        _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n        spin_lock_bh include/linux/spinlock.h:356 [inline]\n        nr_node_lock include/net/netrom.h:152 [inline]\n        nr_dec_obs net/netrom/nr_route.c:464 [inline]\n        nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n        sock_do_ioctl+0x158/0x460 net/socket.c:1222\n        sock_ioctl+0x629/0x8e0 net/socket.c:1341\n        vfs_ioctl fs/ioctl.c:51 [inline]\n        __do_sys_ioctl fs/ioctl.c:904 [inline]\n        __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(nr_node_list_lock);\n                               lock(&nr_node->node_lock);\n                               lock(nr_node_list_lock);\n  lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n  #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n  #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n  #0: ffffffff8f70\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netrom/nr_route.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b9d663fbf74290cb68fbc66ae4367bd56837ad1d","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"1fbfb483c1a290dce3f41f52d45cc46dd88b7691","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b117e5b4f27c2c9076561b6be450a9619f0b79de","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"421c50fa81836775bf0fd6ce0e57a6eb27af24d5","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"5bc50a705cfac8f64ce51c95611c3dd0554ef9c3","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netrom/nr_route.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"4.19.316","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.278","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.219","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.161","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.93","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.33","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.12","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9.3","lessThanOrEqual":"6.9.*","status":"unaffected","versionType":"semver"},{"version":"6.10","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.19.316"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.4.278"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.219"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.161"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.1.93"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.6.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.8.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.9.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"6.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d"},{"url":"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691"},{"url":"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de"},{"url":"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5"},{"url":"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7"},{"url":"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8"},{"url":"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5"},{"url":"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3"},{"url":"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6"}],"title":"netrom: fix possible dead-lock in nr_rt_ioctl()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T17:21:39.426Z"}},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-38589","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:13:46.964501Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:54.971Z"}}]},"dataVersion":"5.2"}