CVE-2024-56694
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-56694 is a Linux kernel vulnerability in which a deadlock occurs when the stream_verdict program returns SK_PASS. In that case the skb is placed in the receive queue, and a recursive lock is taken during the process, deadlocking the operating system. The vulnerability has been present since version 6.9. It stems from a lack of proper synchronization in the sk_psock_skb_ingress_enqueue and sk_psock_data_ready functions, where the read_lock_bh(&sk->sk_callback_lock) call causes the deadlock. Despite previous discussions on this topic, a fix has not been implemented in the kernel.
Affected Products
- Linux Kernel
Affected Vendors
- LINUX