CVE-2024-42114
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/07/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values<br />
<br />
syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM<br />
to 2^31.<br />
<br />
We had a similar issue in sch_fq, fixed with commit<br />
d9e15a273306 ("pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM")<br />
<br />
watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24]<br />
Modules linked in:<br />
irq event stamp: 131135<br />
hardirqs last enabled at (131134): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]<br />
hardirqs last enabled at (131134): [] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95<br />
hardirqs last disabled at (131135): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]<br />
hardirqs last disabled at (131135): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551<br />
softirqs last enabled at (125892): [] neigh_hh_init net/core/neighbour.c:1538 [inline]<br />
softirqs last enabled at (125892): [] neigh_resolve_output+0x268/0x658 net/core/neighbour.c:1553<br />
softirqs last disabled at (125896): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19<br />
CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0<br />
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024<br />
Workqueue: mld mld_ifc_work<br />
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br />
pc : __list_del include/linux/list.h:195 [inline]<br />
pc : __list_del_entry include/linux/list.h:218 [inline]<br />
pc : list_move_tail include/linux/list.h:310 [inline]<br />
pc : fq_tin_dequeue include/net/fq_impl.h:112 [inline]<br />
pc : ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854<br />
lr : __list_del_entry include/linux/list.h:218 [inline]<br />
lr : list_move_tail include/linux/list.h:310 [inline]<br />
lr : fq_tin_dequeue include/net/fq_impl.h:112 [inline]<br />
lr : ieee80211_tx_dequeue+0x67c/0x3b4c net/mac80211/tx.c:3854<br />
sp : ffff800093d36700<br />
x29: ffff800093d36a60 x28: ffff800093d36960 x27: dfff800000000000<br />
x26: ffff0000d800ad50 x25: ffff0000d800abe0 x24: ffff0000d800abf0<br />
x23: ffff0000e0032468 x22: ffff0000e00324d4 x21: ffff0000d800abf0<br />
x20: ffff0000d800abf8 x19: ffff0000d800abf0 x18: ffff800093d363c0<br />
x17: 000000000000d476 x16: ffff8000805519dc x15: ffff7000127a6cc8<br />
x14: 1ffff000127a6cc8 x13: 0000000000000004 x12: ffffffffffffffff<br />
x11: ffff7000127a6cc8 x10: 0000000000ff0100 x9 : 0000000000000000<br />
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000<br />
x5 : ffff80009287aa08 x4 : 0000000000000008 x3 : ffff80008034c7fc<br />
x2 : ffff0000e0032468 x1 : 00000000da0e46b8 x0 : ffff0000e0032470<br />
Call trace:<br />
__list_del include/linux/list.h:195 [inline]<br />
__list_del_entry include/linux/list.h:218 [inline]<br />
list_move_tail include/linux/list.h:310 [inline]<br />
fq_tin_dequeue include/net/fq_impl.h:112 [inline]<br />
ieee80211_tx_dequeue+0x6b8/0x3b4c net/mac80211/tx.c:3854<br />
wake_tx_push_queue net/mac80211/util.c:294 [inline]<br />
ieee80211_handle_wake_tx_queue+0x118/0x274 net/mac80211/util.c:315<br />
drv_wake_tx_queue net/mac80211/driver-ops.h:1350 [inline]<br />
schedule_and_wake_txq net/mac80211/driver-ops.h:1357 [inline]<br />
ieee80211_queue_skb+0x18e8/0x2244 net/mac80211/tx.c:1664<br />
ieee80211_tx+0x260/0x400 net/mac80211/tx.c:1966<br />
ieee80211_xmit+0x278/0x354 net/mac80211/tx.c:2062<br />
__ieee80211_subif_start_xmit+0xab8/0x122c net/mac80211/tx.c:4338<br />
ieee80211_subif_start_xmit+0xe0/0x438 net/mac80211/tx.c:4532<br />
__netdev_start_xmit include/linux/netdevice.h:4903 [inline]<br />
netdev_start_xmit include/linux/netdevice.h:4917 [inline]<br />
xmit_one net/core/dev.c:3531 [inline]<br />
dev_hard_start_xmit+0x27c/0x938 net/core/dev.c:3547<br />
__dev_queue_xmit+0x1678/0x33fc net/core/dev.c:4341<br />
dev_queue_xmit include/linux/netdevice.h:3091 [inline]<br />
neigh_resolve_output+0x558/0x658 net/core/neighbour.c:1563<br />
neigh_output include/net/neighbour.h:542 [inline]<br />
ip6_fini<br />
---truncated---
Impact
Base Score 3.x
4.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.18 (including) | 5.10.244 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.165 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.106 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.47 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.9.9 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/33ac5a4eb3d4bea2146658f1b6d1fa86d62d2b22
- https://git.kernel.org/stable/c/3fc06f6d142d2840735543216a60d0a8c345bdec
- https://git.kernel.org/stable/c/80ac0cc9c0bef984e29637b1efa93d7214b42f53
- https://git.kernel.org/stable/c/8a3ac7fb36962c34698f884bd697938054ff2afa
- https://git.kernel.org/stable/c/d1cba2ea8121e7fdbe1328cea782876b1dd80993
- https://git.kernel.org/stable/c/e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7
- https://git.kernel.org/stable/c/d1cba2ea8121e7fdbe1328cea782876b1dd80993
- https://git.kernel.org/stable/c/e87c2f098f52aa2fe20258a5bb1738d6a74e9ed7
- https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html