{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-53090","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-11-19T17:17:24.981Z","datePublished":"2024-11-21T18:17:07.366Z","dateUpdated":"2026-01-05T10:55:30.149Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:55:30.149Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix lock recursion\n\nafs_wake_up_async_call() can incur lock recursion.  The problem is that it\nis called from AF_RXRPC whilst holding the ->notify_lock, but it tries to\ntake a ref on the afs_call struct in order to pass it to a work queue - but\nif the afs_call is already queued, we then have an extraneous ref that must\nbe put... calling afs_put_call() may call back down into AF_RXRPC through\nrxrpc_kernel_shutdown_call(), however, which might try taking the\n->notify_lock again.\n\nThis case isn't very common, however, so defer it to a workqueue.  The oops\nlooks something like:\n\n  BUG: spinlock recursion on CPU#0, krxrpcio/7001/1646\n   lock: 0xffff888141399b30, .magic: dead4ead, .owner: krxrpcio/7001/1646, .owner_cpu: 0\n  CPU: 0 UID: 0 PID: 1646 Comm: krxrpcio/7001 Not tainted 6.12.0-rc2-build3+ #4351\n  Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x47/0x70\n   do_raw_spin_lock+0x3c/0x90\n   rxrpc_kernel_shutdown_call+0x83/0xb0\n   afs_put_call+0xd7/0x180\n   rxrpc_notify_socket+0xa0/0x190\n   rxrpc_input_split_jumbo+0x198/0x1d0\n   rxrpc_input_data+0x14b/0x1e0\n   ? rxrpc_input_call_packet+0xc2/0x1f0\n   rxrpc_input_call_event+0xad/0x6b0\n   rxrpc_input_packet_on_conn+0x1e1/0x210\n   rxrpc_input_packet+0x3f2/0x4d0\n   rxrpc_io_thread+0x243/0x410\n   ? __pfx_rxrpc_io_thread+0x10/0x10\n   kthread+0xcf/0xe0\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork+0x24/0x40\n   ? __pfx_kthread+0x10/0x10\n   ret_from_fork_asm+0x1a/0x30\n   </TASK>"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/afs/internal.h","fs/afs/rxrpc.c"],"versions":[{"version":"20acbd9a7aeee0b0af7107f3de791a52c949f3ac","lessThan":"d7cbf81df996b1eae2dee8deb6df08e2eba78661","status":"affected","versionType":"git"},{"version":"20acbd9a7aeee0b0af7107f3de791a52c949f3ac","lessThan":"610a79ffea02102899a1373fe226d949944a7ed6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/afs/internal.h","fs/afs/rxrpc.c"],"versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","status":"unaffected","versionType":"semver"},{"version":"6.11.9","lessThanOrEqual":"6.11.*","status":"unaffected","versionType":"semver"},{"version":"6.12","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.11.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"6.12"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/d7cbf81df996b1eae2dee8deb6df08e2eba78661"},{"url":"https://git.kernel.org/stable/c/610a79ffea02102899a1373fe226d949944a7ed6"}],"title":"afs: Fix lock recursion","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"id":"CVE-2024-53090","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2025-10-01T20:11:33.834587Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-674","description":"CWE-674 Uncontrolled Recursion"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T20:17:13.815Z"}}]}}