CVE-2024-49980

一、漏洞信息
 漏洞编号：[CVE-2024-49980](https://nvd.nist.gov/vuln/detail/CVE-2024-49980)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0,6.6.0
 CVSS V3.0分值：
  BaseScore：5.5 Medium
  Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
 漏洞简述：
  In the Linux kernel, the following vulnerability has been resolved:vrf: revert  vrf: Remove unnecessary RCU-bh critical section This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853.dev_queue_xmit_nit is expected to be called with BH disabled.__dev_queue_xmit has the following:        /* Disable soft irqs for various locks below. Also         * stops preemption for RCU.         */        rcu_read_lock_bh();VRF must follow this invariant. The referenced commit removed thisprotection. Which triggered a lockdep warning:	================================	WARNING: inconsistent lock state	6.11.0 #1 Tainted: G        W	--------------------------------	inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.	btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes:	ffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, at: tpacket_rcv+0x863/0x3b30	{IN-SOFTIRQ-W} state was registered at:	  lock_acquire+0x19a/0x4f0	  _raw_spin_lock+0x27/0x40	  packet_rcv+0xa33/0x1320	  __netif_receive_skb_core.constprop.0+0xcb0/0x3a90	  __netif_receive_skb_list_core+0x2c9/0x890	  netif_receive_skb_list_internal+0x610/0xcc0          [...]	other info that might help us debug this:	 Possible unsafe locking scenario:	       CPU0	       ----	  lock(rlock-AF_PACKET);	  <Interrupt>	    lock(rlock-AF_PACKET);	 *** DEADLOCK ***	Call Trace:	 <TASK>	 dump_stack_lvl+0x73/0xa0	 mark_lock+0x102e/0x16b0	 __lock_acquire+0x9ae/0x6170	 lock_acquire+0x19a/0x4f0	 _raw_spin_lock+0x27/0x40	 tpacket_rcv+0x863/0x3b30	 dev_queue_xmit_nit+0x709/0xa40	 vrf_finish_direct+0x26e/0x340 [vrf]	 vrf_l3_out+0x5f4/0xe80 [vrf]	 __ip_local_out+0x51e/0x7a0          [...]
 漏洞公开时间：2024-10-22 02:15:18
 漏洞创建时间：2024-10-22 04:23:21
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2024-49980
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/718a752bd746b3f4dd62516bb437baf73d548415 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/8c9381b3138246d46536db93ed696832abd70204 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/b04c4d9eb4f25b950b33218e33b04c94e7445e51 |  |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/e61f8c4d179b2ffc0d3b7f821c3734be738643d0 |  |
| suse_bugzilla | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-49980 | https://bugzilla.suse.com/show_bug.cgi?id=1232099 |
| suse_bugzilla | https://www.cve.org/CVERecord?id=CVE-2024-49980 | https://bugzilla.suse.com/show_bug.cgi?id=1232099 |
| suse_bugzilla | https://git.kernel.org/stable/c/718a752bd746b3f4dd62516bb437baf73d548415 | https://bugzilla.suse.com/show_bug.cgi?id=1232099 |
| suse_bugzilla | https://git.kernel.org/stable/c/8c9381b3138246d46536db93ed696832abd70204 | https://bugzilla.suse.com/show_bug.cgi?id=1232099 |
| suse_bugzilla | https://git.kernel.org/stable/c/b04c4d9eb4f25b950b33218e33b04c94e7445e51 | https://bugzilla.suse.com/show_bug.cgi?id=1232099 |
| suse_bugzilla | https://git.kernel.org/stable/c/e61f8c4d179b2ffc0d3b7f821c3734be738643d0 | https://bugzilla.suse.com/show_bug.cgi?id=1232099 |
| suse_bugzilla | https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-49980.mbox | https://bugzilla.suse.com/show_bug.cgi?id=1232099 |
| suse_bugzilla | https://bugzilla.redhat.com/show_bug.cgi?id=2320522 | https://bugzilla.suse.com/show_bug.cgi?id=1232099 |
| redhat_bugzilla | https://lore.kernel.org/linux-cve-announce/2024102135-CVE-2024-49980-da73@gregkh/T | https://bugzilla.redhat.com/show_bug.cgi?id=2320522 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2024-49980 |
| mageia |  | http://advisories.mageia.org/MGASA-2024-0345.html |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
|  |  | https://git.kernel.org/stable/c/718a752bd746b3f4dd62516bb437baf73d548415 |  | nvd |
|  |  | https://git.kernel.org/stable/c/8c9381b3138246d46536db93ed696832abd70204 |  | nvd |
|  |  | https://git.kernel.org/stable/c/b04c4d9eb4f25b950b33218e33b04c94e7445e51 |  | nvd |
|  |  | https://git.kernel.org/stable/c/e61f8c4d179b2ffc0d3b7f821c3734be738643d0 |  | nvd |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  In the Linux kernel, the following vulnerability has been resolved:vrf: revert  vrf: Remove unnecessary RCU-bh critical section This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853.dev_queue_xmit_nit is expected to be called with BH disabled.__dev_queue_xmit has the following:        /* Disable soft irqs for various locks below. Also         * stops preemption for RCU.         */        rcu_read_lock_bh();VRF must follow this invariant. The referenced commit removed thisprotection. Which triggered a lockdep warning:================================WARNING: inconsistent lock state6.11.0 #1 Tainted: G        W--------------------------------inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes:ffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, at: tpacket_rcv+0x863/0x3b30{IN-SOFTIRQ-W} state was registered at:  lock_acquire+0x19a/0x4f0  _raw_spin_lock+0x27/0x40  packet_rcv+0xa33/0x1320  __netif_receive_skb_core.constprop.0+0xcb0/0x3a90  __netif_receive_skb_list_core+0x2c9/0x890  netif_receive_skb_list_internal+0x610/0xcc0          [...]other info that might help us debug this: Possible unsafe locking scenario:       CPU0       ----  lock(rlock-AF_PACKET);  <Interrupt>    lock(rlock-AF_PACKET); *** DEADLOCK ***Call Trace: <TASK> dump_stack_lvl+0x73/0xa0 mark_lock+0x102e/0x16b0 __lock_acquire+0x9ae/0x6170 lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 tpacket_rcv+0x863/0x3b30 dev_queue_xmit_nit+0x709/0xa40 vrf_finish_direct+0x26e/0x340 [vrf] vrf_l3_out+0x5f4/0xe80 [vrf] __ip_local_out+0x51e/0x7a0          [...]
 openEuler评分：
  5.5
 Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-24.03-LTS(6.6.0):受影响
2.openEuler-20.03-LTS-SP4(4.19.90):不受影响
3.openEuler-22.03-LTS-SP3(5.10.0):不受影响
4.openEuler-22.03-LTS-SP4(5.10.0):不受影响
5.master(6.6.0):不受影响
6.openEuler-24.03-LTS-Next(6.6.0):不受影响
7.openEuler-24.03-LTS-SP1(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP3(5.10.0):否
3.master(6.6.0):否
4.openEuler-24.03-LTS(6.6.0):否
5.openEuler-24.03-LTS-Next(6.6.0):否
6.openEuler-22.03-LTS-SP4(5.10.0):否
7.openEuler-24.03-LTS-SP1(6.6.0):否

原因说明：
  1.openEuler-24.03-LTS(6.6.0):正常修复
2.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
3.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发
4.openEuler-20.03-LTS-SP4(4.19.90):不受影响-漏洞代码不存在
5.openEuler-22.03-LTS-SP3(5.10.0):不受影响-漏洞代码不存在
6.openEuler-22.03-LTS-SP4(5.10.0):不受影响-漏洞代码不存在
7.openEuler-24.03-LTS-SP1(6.6.0):不受影响-漏洞代码不存在

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1450

src-openEuler/kernel

Content Risk Flag

Comments (22)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

Content Risk Flag

CVE-2024-49980

Comments (22)

Search

src-openEuler/kernel