{"id":"CVE-2024-35895","summary":"bpf, sockmap: Prevent lock inversion deadlock in map delete elem","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Prevent lock inversion deadlock in map delete elem\n\nsyzkaller started using corpuses where a BPF tracing program deletes\nelements from a sockmap/sockhash map. Because BPF tracing programs can be\ninvoked from any interrupt context, locks taken during a map_delete_elem\noperation must be hardirq-safe. Otherwise a deadlock due to lock inversion\nis possible, as reported by lockdep:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(&htab-\u003ebuckets[i].lock);\n                               local_irq_disable();\n                               lock(&host-\u003elock);\n                               lock(&htab-\u003ebuckets[i].lock);\n  \u003cInterrupt\u003e\n    lock(&host-\u003elock);\n\nLocks in sockmap are hardirq-unsafe by design. We expect elements to be\ndeleted from sockmap/sockhash only in task (normal) context with interrupts\nenabled, or in softirq context.\n\nDetect when map_delete_elem operation is invoked from a context which is\n_not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an\nerror.\n\nNote that map updates are not affected by this issue. 
BPF verifier does not\nallow updating sockmap/sockhash from a BPF tracing program today.","modified":"2026-04-02T11:51:52.346704Z","published":"2024-05-19T08:34:50.276Z","related":["ALSA-2024:6997","SUSE-SU-2024:1979-1","SUSE-SU-2024:1983-1","SUSE-SU-2024:2008-1","SUSE-SU-2024:2010-1","SUSE-SU-2024:2011-1","SUSE-SU-2024:2019-1","SUSE-SU-2024:2135-1","SUSE-SU-2024:2183-1","SUSE-SU-2024:2184-1","SUSE-SU-2024:2185-1","SUSE-SU-2024:2189-1","SUSE-SU-2024:2190-1","SUSE-SU-2024:2203-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:01995-1","SUSE-SU-2025:0231-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35895.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/35xxx/CVE-2024-35895.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35895"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"604326b41a6fb9b4a78b6179335decee0365cd8c"},{"fixed":"
f7990498b05ac41f7d6a190dc0418ef1d21bf058"},{"fixed":"dd54b48db0c822ae7b520bc80751f0a0a173ef75"},{"fixed":"d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec"},{"fixed":"a44770fed86515eedb5a7c00b787f847ebb134a5"},{"fixed":"668b3074aa14829e2ac2759799537a93b60fef86"},{"fixed":"6af057ccdd8e7619960aca1f0428339f213b31cd"},{"fixed":"ff91059932401894e6c86341915615c5eb0eca48"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35895.json"}}],"schema_version":"1.7.5"}