Ubuntu: (Multiple Advisories) (CVE-2024-58071): Linux kernel vulnerabilities
Description
In the Linux kernel, the following vulnerability has been resolved: team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in practice and can lead to recursive locking: $ ip link add veth0 type veth peer name veth1 $ ip link set veth0 up $ ip link set veth1 up $ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1 $ ip link add team0 type team $ ip link set veth0.1 down $ ip link set veth0.1 master team0 team0: Port device veth0.1 added $ ip link set veth0 down $ ip link set veth0 master team0 ============================================ WARNING: possible recursive locking detected 6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted -------------------------------------------- ip/7684 is trying to acquire lock: ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) but task is already holding lock: ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977) other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(team->team_lock_key); lock(team->team_lock_key); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by ip/7684: stack backtrace: CPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:122) print_deadlock_bug.cold (kernel/locking/lockdep.c:3040) __lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226) ? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548) lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2)) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? lock_acquire (kernel/locking/lockdep.c:5822) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) __mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? fib_sync_up (net/ipv4/fib_semantics.c:2167) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) notifier_call_chain (kernel/notifier.c:85) call_netdevice_notifiers_info (net/core/dev.c:1996) __dev_notify_flags (net/core/dev.c:8993) ? __dev_change_flags (net/core/dev.c:8975) dev_change_flags (net/core/dev.c:9027) vlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470) ? br_device_event (net/bridge/br.c:143) notifier_call_chain (kernel/notifier.c:85) call_netdevice_notifiers_info (net/core/dev.c:1996) dev_open (net/core/dev.c:1519 net/core/dev.c:1505) team_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977) ? __pfx_team_add_slave (drivers/net/team/team_core.c:1972) do_set_master (net/core/rtnetlink.c:2917) do_setlink.isra.0 (net/core/rtnetlink.c:3117)
Solution(s)
- ubuntu-upgrade-linux-image-5-15-0-1066-gkeop
- ubuntu-upgrade-linux-image-5-15-0-1076-ibm
- ubuntu-upgrade-linux-image-5-15-0-1078-nvidia
- ubuntu-upgrade-linux-image-5-15-0-1078-nvidia-lowlatency
- ubuntu-upgrade-linux-image-5-15-0-1079-intel-iotg
- ubuntu-upgrade-linux-image-5-15-0-1080-kvm
- ubuntu-upgrade-linux-image-5-15-0-1081-oracle
- ubuntu-upgrade-linux-image-5-15-0-1083-gcp
- ubuntu-upgrade-linux-image-5-15-0-1083-gcp-fips
- ubuntu-upgrade-linux-image-5-15-0-140-fips
- ubuntu-upgrade-linux-image-5-15-0-140-generic
- ubuntu-upgrade-linux-image-5-15-0-140-generic-64k
- ubuntu-upgrade-linux-image-5-15-0-140-generic-lpae
- ubuntu-upgrade-linux-image-5-15-0-140-lowlatency
- ubuntu-upgrade-linux-image-5-15-0-140-lowlatency-64k
- ubuntu-upgrade-linux-image-5-4-0-1064-xilinx-zynqmp
- ubuntu-upgrade-linux-image-5-4-0-1144-oracle
- ubuntu-upgrade-linux-image-5-4-0-1149-gcp
- ubuntu-upgrade-linux-image-5-4-0-1149-gcp-fips
- ubuntu-upgrade-linux-image-5-4-0-1151-azure
- ubuntu-upgrade-linux-image-5-4-0-1151-azure-fips
- ubuntu-upgrade-linux-image-5-4-0-216-generic
- ubuntu-upgrade-linux-image-5-4-0-216-generic-lpae
- ubuntu-upgrade-linux-image-5-4-0-216-lowlatency
- ubuntu-upgrade-linux-image-6-11-0-1010-realtime
- ubuntu-upgrade-linux-image-6-11-0-1013-raspi
- ubuntu-upgrade-linux-image-6-11-0-1015-azure
- ubuntu-upgrade-linux-image-6-11-0-1015-azure-fde
- ubuntu-upgrade-linux-image-6-11-0-1015-gcp
- ubuntu-upgrade-linux-image-6-11-0-1015-gcp-64k
- ubuntu-upgrade-linux-image-6-11-0-1022-oem
- ubuntu-upgrade-linux-image-6-11-0-26-generic
- ubuntu-upgrade-linux-image-6-11-0-26-generic-64k
- ubuntu-upgrade-linux-image-azure
- ubuntu-upgrade-linux-image-azure-fde
- ubuntu-upgrade-linux-image-azure-fips
- ubuntu-upgrade-linux-image-fips
- ubuntu-upgrade-linux-image-gcp
- ubuntu-upgrade-linux-image-gcp-64k
- ubuntu-upgrade-linux-image-gcp-fips
- ubuntu-upgrade-linux-image-gcp-lts-20-04
- ubuntu-upgrade-linux-image-gcp-lts-22-04
- ubuntu-upgrade-linux-image-generic
- ubuntu-upgrade-linux-image-generic-64k
- ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
- ubuntu-upgrade-linux-image-generic-hwe-24-04
- ubuntu-upgrade-linux-image-generic-lpae
- ubuntu-upgrade-linux-image-gkeop
- ubuntu-upgrade-linux-image-gkeop-5-15
- ubuntu-upgrade-linux-image-ibm
- ubuntu-upgrade-linux-image-intel-iotg
- ubuntu-upgrade-linux-image-kvm
- ubuntu-upgrade-linux-image-lowlatency
- ubuntu-upgrade-linux-image-lowlatency-64k
- ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
- ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
- ubuntu-upgrade-linux-image-nvidia
- ubuntu-upgrade-linux-image-nvidia-lowlatency
- ubuntu-upgrade-linux-image-oem
- ubuntu-upgrade-linux-image-oem-24-04b
- ubuntu-upgrade-linux-image-oem-osp1
- ubuntu-upgrade-linux-image-oracle
- ubuntu-upgrade-linux-image-oracle-lts-20-04
- ubuntu-upgrade-linux-image-oracle-lts-22-04
- ubuntu-upgrade-linux-image-raspi
- ubuntu-upgrade-linux-image-realtime
- ubuntu-upgrade-linux-image-virtual
- ubuntu-upgrade-linux-image-virtual-hwe-24-04
- ubuntu-upgrade-linux-image-xilinx-zynqmp
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center