
CVE-2024-38589: Vulnerability in Linux Linux

Medium
Published: Wed Jun 19 2024 (06/19/2024, 13:45:41 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

netrom: fix possible dead-lock in nr_rt_ioctl()

syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]

Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)

[1]
WARNING: possible circular locking dependency detected
6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted
------------------------------------------------------
syz-executor350/5129 is trying to acquire lock:
 ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]
 ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]
 ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697

but task is already holding lock:
 ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
 ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (nr_node_list_lock){+...}-{2:2}:
        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
        __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
        _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
        spin_lock_bh include/linux/spinlock.h:356 [inline]
        nr_remove_node net/netrom/nr_route.c:299 [inline]
        nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355
        nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683
        sock_do_ioctl+0x158/0x460 net/socket.c:1222
        sock_ioctl+0x629/0x8e0 net/socket.c:1341
        vfs_ioctl fs/ioctl.c:51 [inline]
        __do_sys_ioctl fs/ioctl.c:904 [inline]
        __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
        entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&nr_node->node_lock){+...}-{2:2}:
        check_prev_add kernel/locking/lockdep.c:3134 [inline]
        check_prevs_add kernel/locking/lockdep.c:3253 [inline]
        validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869
        __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
        __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
        _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
        spin_lock_bh include/linux/spinlock.h:356 [inline]
        nr_node_lock include/net/netrom.h:152 [inline]
        nr_dec_obs net/netrom/nr_route.c:464 [inline]
        nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697
        sock_do_ioctl+0x158/0x460 net/socket.c:1222
        sock_ioctl+0x629/0x8e0 net/socket.c:1341
        vfs_ioctl fs/ioctl.c:51 [inline]
        __do_sys_ioctl fs/ioctl.c:904 [inline]
        __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
        entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(nr_node_list_lock);
                               lock(&nr_node->node_lock);
                               lock(nr_node_list_lock);
  lock(&nr_node->node_lock);

 *** DEADLOCK ***

1 lock held by syz-executor350/5129:
 #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
 #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]
 #0: ffffffff8f70 ---truncated---

AI-Powered Analysis

Last updated: 06/29/2025, 11:41:08 UTC

Technical Analysis

CVE-2024-38589 is a vulnerability identified in the Linux kernel's netrom networking protocol implementation. The issue arises from a potential deadlock condition in the nr_rt_ioctl() function due to improper lock acquisition order. Specifically, the vulnerability involves two spinlocks: nr_node_list_lock and nr_node->node_lock. The kernel code fails to consistently acquire these locks in a safe order, leading to a circular locking dependency. This can cause a deadlock when one CPU holds nr_node_list_lock and attempts to acquire nr_node->node_lock, while another CPU holds nr_node->node_lock and tries to acquire nr_node_list_lock. The deadlock scenario is confirmed by kernel lock dependency warnings and syzbot fuzzing reports. The root cause is that the locking order is not enforced correctly, and the fix involves ensuring that nr_node_list_lock is always acquired before nr_node->node_lock to prevent circular dependencies. This vulnerability affects Linux kernel versions prior to the patch and is specifically related to the netrom protocol code paths in nr_rt_ioctl and related functions. No known exploits are reported in the wild, and the vulnerability was discovered through automated kernel fuzzing tools like syzbot. The technical details indicate that the vulnerability is a concurrency bug that can cause system hangs or kernel lockups due to deadlocks in kernel space, impacting system stability and availability. The vulnerability does not involve privilege escalation or direct code execution but can cause denial of service by halting kernel threads or processes that invoke the affected ioctl calls.
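
The lock-order inversion described above, as an added example that is not kernel code and not part of the original advisory: a small user-space model of a lock-order validator that replays the two acquisition orders from the lockdep report, before and after the fix. LIST_LOCK, NODE_LOCK and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed user-space model, not kernel code: LIST_LOCK = nr_node_list_lock, NODE_LOCK = nr_node->node_lock. */
enum { LIST_LOCK, NODE_LOCK, NLOCKS };
static int dep[NLOCKS][NLOCKS];  /* dep[a][b] = 1: b was taken while a was held */
static int held[NLOCKS], nheld;  /* locks currently held on this path */

/* Is there a recorded ordering chain from -> ... -> to? */
static int reaches(int from, int to, int depth) {
    for (int k = 0; from != to && depth > 0 && k < NLOCKS; k++)
        if (dep[from][k] && reaches(k, to, depth - 1)) return 1;
    return from == to;
}

/* Record an acquisition; return 1 if it closes a cycle in the order graph. */
static int acquire(int l) {
    int bad = 0;
    for (int i = 0; i < nheld; i++) {
        bad |= reaches(l, held[i], NLOCKS);  /* l was already ordered before held[i] */
        dep[held[i]][l] = 1;
    }
    held[nheld++] = l;
    return bad;
}

/* One code path: take outer, then inner, then drop both. */
static int path(int outer, int inner) {
    int bad = acquire(outer);
    bad |= acquire(inner);
    nheld = 0;
    return bad;
}

/* Pre-fix ordering as shown in the report's "unsafe locking scenario". */
int check_before_fix(void) {
    memset(dep, 0, sizeof dep);
    int first = path(NODE_LOCK, LIST_LOCK);     /* nr_del_node -> nr_remove_node */
    return first | path(LIST_LOCK, NODE_LOCK);  /* nr_dec_obs */
}
/* Post-fix ordering: every path takes nr_node_list_lock first. */
int check_after_fix(void) {
    memset(dep, 0, sizeof dep);
    int first = path(LIST_LOCK, NODE_LOCK);
    return first | path(LIST_LOCK, NODE_LOCK);
}

int main(void) {
    printf("before fix: %d, after fix: %d\n", check_before_fix(), check_after_fix());
    return 0;
}
```

The validator flags the inversion from the recorded orderings alone, without two threads ever racing, which is why lockdep can warn about this class of bug before any real deadlock occurs.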

Potential Impact

For European organizations, the primary impact of CVE-2024-38589 is on system availability and stability. Systems running vulnerable Linux kernel versions with netrom protocol support enabled could experience kernel deadlocks leading to system hangs or crashes. This can disrupt critical services, especially in environments relying on Linux servers for networking, telecommunications, or embedded systems that use netrom. Although netrom is a niche protocol primarily used in amateur radio and some specialized networking scenarios, Linux is widely deployed across European enterprises, government agencies, and infrastructure providers. Any Linux-based system that has netrom enabled or compiled in could be susceptible. The deadlock could be triggered by local users or processes invoking specific ioctl calls, potentially leading to denial of service conditions. This could affect data centers, telecom providers, and industrial control systems using Linux. The impact is less about data confidentiality or integrity and more about operational continuity. Organizations with high availability requirements or those running critical Linux infrastructure should consider this vulnerability seriously. The lack of known exploits reduces immediate risk, but the presence of a kernel-level deadlock bug warrants prompt patching to avoid potential service disruptions.

Mitigation Recommendations

1. Apply the official Linux kernel patches that fix the locking order in the netrom nr_rt_ioctl() function as soon as they become available from trusted Linux kernel maintainers or distributions.
2. Audit Linux systems to identify if the netrom protocol is enabled or compiled into the kernel. If netrom is not required, consider disabling or removing it to reduce the attack surface.
3. For systems where netrom is necessary, prioritize kernel upgrades to patched versions that address this deadlock issue.
4. Monitor system logs and kernel messages for lockdep warnings or symptoms of deadlocks related to netrom locks.
5. Implement kernel live patching solutions where available to apply fixes without full system reboots, minimizing downtime.
6. In environments with strict uptime requirements, test patches in staging before production deployment to ensure stability.
7. Limit access to ioctl interfaces that interact with netrom to trusted users and processes to reduce the risk of accidental or malicious triggering of the deadlock.
8. Maintain robust backup and recovery procedures to quickly restore affected systems in case of deadlock-induced crashes.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-06-18T19:36:34.930Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9829c4522896dcbe2a5e

Added to database: 5/21/2025, 9:08:57 AM

Last enriched: 6/29/2025, 11:41:08 AM

Last updated: 8/9/2025, 6:01:23 PM
