TCP Timers Deadlock in Linux Kernel's SMB Client
CVE-2024-54680
Summary
The Linux kernel's SMB client has a vulnerability that can lead to a TCP timers deadlock when the cifs module is unloaded. The issue arises from improper management of socket reference counting, specifically the sk->sk_net_refcnt value. When this value is set manually after socket creation, the TCP timers are not cleared when the socket is closed. This can result in a lock dependency warning and a potential system deadlock. The fix is to follow proper socket internals handling, without manually interfering with network namespace reference counts.
Affected Version(s)
Linux e8c71494181153a134c96da28766a57bd1eac8cb < 906807c734ed219dcb2e7bbfde5c4168ed72a3d0
Linux ef7134c7fc48e1441b398e55a862232868a6f0a7 < 127e907e11ccd54b59bb78fc22c43ccb76c71079
Linux ef7134c7fc48e1441b398e55a862232868a6f0a7