CVE-2024-26725
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Apr 3, 2024
Updated: Jan 7, 2025
CWE ID 667
Summary
CVE-2024-26725 is a Linux kernel vulnerability affecting the netlink dump operation. A deadlock warning occurs during a dpll pin dump because of a circular locking dependency between two mutexes, dpll_lock and nlk_cb_mutex-GENERIC. __netlink_dump_start() holds nlk->cb_mutex when it calls a function that takes dpll_lock; nlk->cb_mutex is then released and taken again in netlink_dump() with dpll_lock still held. The two locks are therefore acquired in both orders, which results in an ABBA deadlock. The fix moves the taking of dpll_lock into the dumpit() callback, which ensures the correct lock ordering.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX