{"id":"CVE-2024-56694","summary":"bpf: fix recursive lock when verdict program return SK_PASS","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix recursive lock when verdict program return SK_PASS\n\nWhen the stream_verdict program returns SK_PASS, it places the received skb\ninto its own receive queue, but a recursive lock eventually occurs, leading\nto an operating system deadlock. This issue has been present since v6.9.\n\n'''\nsk_psock_strp_data_ready\n    write_lock_bh(&sk-\u003esk_callback_lock)\n    strp_data_ready\n      strp_read_sock\n        read_sock -\u003e tcp_read_sock\n          strp_recv\n            cb.rcv_msg -\u003e sk_psock_strp_read\n              # now stream_verdict return SK_PASS without peer sock assign\n              __SK_PASS = sk_psock_map_verd(SK_PASS, NULL)\n              sk_psock_verdict_apply\n                sk_psock_skb_ingress_self\n                  sk_psock_skb_ingress_enqueue\n                    sk_psock_data_ready\n                      read_lock_bh(&sk-\u003esk_callback_lock) \u003c= dead lock\n\n'''\n\nThis topic has been discussed before, but it has not been fixed.\nPrevious discussion:\nhttps://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch","modified":"2026-04-02T12:25:07.310566Z","published":"2024-12-28T09:46:18.826Z","related":["SUSE-SU-2025:0289-1","SUSE-SU-2025:0428-1","SUSE-SU-2025:0499-1","SUSE-SU-2025:0557-1","SUSE-SU-2025:20165-1","SUSE-SU-2025:20166-1","SUSE-SU-2025:20248-1","SUSE-SU-2025:20249-1","USN-7276-1","USN-7277-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56694.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72"},{"type":"WEB","url":"https://git.kernel.org/stable/c/221109ba2127eabd0aa64718543638b58b15df56"},{"type":"WEB","url":"https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/56xxx/CVE-2024-56694.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56694"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c0809c128dad4c3413818384eb06a341633db973"},{"fixed":"221109ba2127eabd0aa64718543638b58b15df56"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5965bc7535fb87510b724e5465ccc1a1cf00916d"},{"fixed":"6694f7acd625ed854bf6342926e771d65dad7f69"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"39dc9e1442385d6e9be0b6491ee488dddd55ae27"},{"fixed":"386efa339e08563dd33e83bc951aea5d407fe578"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"b397a0ab8582c533ec0c6b732392f141fc364f87"},{"fixed":"da2bc8a0c8f3ac66fdf980fc59936f851a083561"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6648e613226e18897231ab5e42ffc29e63fa3365"},{"fixed":"01f1b88acfd79103da0610b45471f6c88ea98d72"},{"fixed":"f84c5ef6ca23cc2f72f3b830d74f67944684bb05"},{"fixed":"8ca2a1eeadf09862190b2810697702d803ceef2d"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"772d5729b5ff0df0d37b32db600ce635b2172f80"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56694.json"}}],"schema_version":"1.7.5"}