CVE-2024-58071: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

team: prevent adding a device which is already a team device lower

Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in practice and can lead to recursive locking:

  $ ip link add veth0 type veth peer name veth1
  $ ip link set veth0 up
  $ ip link set veth1 up
  $ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1
  $ ip link add team0 type team
  $ ip link set veth0.1 down
  $ ip link set veth0.1 master team0
  team0: Port device veth0.1 added
  $ ip link set veth0 down
  $ ip link set veth0 master team0

  ============================================
  WARNING: possible recursive locking detected
  6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted
  --------------------------------------------
  ip/7684 is trying to acquire lock:
  ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)

  but task is already holding lock:
  ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977)

  other info that might help us debug this:
   Possible unsafe locking scenario:

         CPU0
         ----
    lock(team->team_lock_key);
    lock(team->team_lock_key);

   *** DEADLOCK ***

   May be due to missing lock nesting notation

  2 locks held by ip/7684:

  stack backtrace:
  CPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
  Call Trace:
   <TASK>
   dump_stack_lvl (lib/dump_stack.c:122)
   print_deadlock_bug.cold (kernel/locking/lockdep.c:3040)
   __lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226)
   ? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548)
   lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851)
   ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
   ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2))
   ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
   ? lock_acquire (kernel/locking/lockdep.c:5822)
   ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
   __mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735)
   ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
   ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
   ? fib_sync_up (net/ipv4/fib_semantics.c:2167)
   ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
   team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973)
   notifier_call_chain (kernel/notifier.c:85)
   call_netdevice_notifiers_info (net/core/dev.c:1996)
   __dev_notify_flags (net/core/dev.c:8993)
   ? __dev_change_flags (net/core/dev.c:8975)
   dev_change_flags (net/core/dev.c:9027)
   vlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470)
   ? br_device_event (net/bridge/br.c:143)
   notifier_call_chain (kernel/notifier.c:85)
   call_netdevice_notifiers_info (net/core/dev.c:1996)
   dev_open (net/core/dev.c:1519 net/core/dev.c:1505)
   team_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977)
   ? __pfx_team_add_slave (drivers/net/team/team_core.c:1972)
   do_set_master (net/core/rtnetlink.c:2917)
   do_setlink.isra.0 (net/core/rtnetlink.c:3117)
AI Analysis
Technical Summary
CVE-2024-58071 is a vulnerability in the Linux kernel's network team driver (drivers/net/team). The kernel allowed a network device to be enslaved to a team device even when that device was already a lower of the team indirectly, for example a veth (virtual Ethernet) device whose VLAN interface had already been added to the team. The lockdep report in the description shows how this turns into recursive locking: team_add_slave takes the team mutex and then opens the new port (dev_open); the resulting netdevice notification makes the VLAN code change the flags of its VLAN interface, and that second notification re-enters team_device_event, which tries to take the same mutex (team->team_lock_key) the task is still holding. Lockdep reports the recursive acquisition as a possible deadlock, and in practice such a deadlock can leave the affected system's network stack hung or unresponsive. The fix rejects adding a device that is already a team device lower, so this sequence can no longer occur. The vulnerability affects Linux kernel versions prior to that patch, and it was disclosed on March 6, 2025. There are no known exploits in the wild at the time of disclosure, and no CVSS score has been assigned yet. The vulnerability is primarily a denial-of-service (DoS) risk due to the potential for kernel deadlock and network stack disruption.
Potential Impact
For European organizations, the impact of CVE-2024-58071 could be significant, especially for those relying heavily on Linux-based infrastructure for networking, virtualization, and container environments. The vulnerability can cause kernel deadlocks leading to network outages or degraded performance, impacting availability of critical services. Organizations using Linux servers as network gateways, routers, or in cloud environments with virtualized network interfaces (e.g., veth pairs in container orchestration platforms like Kubernetes) are particularly at risk. The deadlock could disrupt internal and external communications, affecting business continuity, service level agreements, and potentially leading to financial losses. While the vulnerability does not appear to allow privilege escalation or direct data compromise, the denial of service could be exploited by attackers to cause operational disruptions. This is especially critical for sectors such as finance, healthcare, telecommunications, and government services in Europe, where network reliability is paramount. Additionally, the complexity of the vulnerability means that inadvertent misconfiguration or automated network management scripts could trigger the deadlock unintentionally, further increasing risk.
Mitigation Recommendations
Mitigation requires patching the Linux kernel to the fixed version that prevents adding a device already assigned as a team device lower, thereby eliminating the recursive locking condition. Organizations should:
1) Monitor Linux kernel updates and apply patches promptly once available from their Linux distribution vendors.
2) Audit and review network configuration scripts and automation tools that manipulate team devices, VLANs, and virtual Ethernet interfaces to ensure they do not create conflicting device hierarchies.
3) Implement strict change management and testing for network interface configurations, particularly in virtualized and containerized environments, to detect potential deadlock scenarios before deployment.
4) Consider isolating critical network functions on dedicated hosts or containers with minimal device complexity to reduce exposure.
5) Employ kernel crash and hang detection tools and configure alerting to quickly identify and respond to deadlock conditions.
6) If patching is delayed, limit the use of team devices and complex virtual network topologies that involve nested lower devices until a fix is applied.
These steps go beyond generic advice by focusing on configuration hygiene and proactive detection tailored to the vulnerability's nature.
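A pre-flight check of the kind item 2 calls for, written for this advisory as an added example (it is not kernel or iproute2 code): it walks the device graph the kernel exposes under /sys/class/net/<dev>/lower_<name> and refuses to enslave a port that is already beneath the team, which is the veth0-under-veth0.1 case from the description. The sysfs layout is real; the function names and the constructed topology are the example's own.

```python
import os
from collections import deque
from typing import Callable, Dict, List, Set, Tuple


def sysfs_lowers(dev: str) -> List[str]:
    """Direct lowers of `dev` from /sys/class/net/<dev>/lower_<name> links.
    A team's ports are its lowers; a VLAN's parent is its single lower."""
    try:
        entries = os.listdir(f"/sys/class/net/{dev}")
    except FileNotFoundError:
        return []
    return sorted(e[len("lower_"):] for e in entries if e.startswith("lower_"))


def all_lowers(dev: str, lowers_of: Callable[[str], List[str]]) -> Set[str]:
    """Every device below `dev`, transitively (BFS; tolerates cycles)."""
    seen: Set[str] = set()
    queue = deque(lowers_of(dev))
    while queue:
        d = queue.popleft()
        if d not in seen:
            seen.add(d)
            queue.extend(lowers_of(d))
    return seen


def check_can_enslave(team: str, port: str,
                      lowers_of: Callable[[str], List[str]] = sysfs_lowers
                      ) -> Tuple[bool, str]:
    """Decide whether `ip link set <port> master <team>` is safe to run.
    Rejects the advisory's case (port already a lower of the team through
    an existing port) and the mirror image (team already below the port)."""
    if port == team:
        return False, "a team cannot enslave itself"
    if port in all_lowers(team, lowers_of):
        return False, f"{port} is already a (possibly indirect) lower of {team}"
    if team in all_lowers(port, lowers_of):
        return False, f"{team} is already below {port}; enslaving would loop"
    return True, "ok"


# Constructed topology (not read from a live host): the advisory's state
# just before the failing command, veth0.1 (a VLAN on veth0) already a
# port of team0.  Swap in sysfs_lowers to run against a real machine.
CONSTRUCTED_TOPOLOGY: Dict[str, List[str]] = {
    "team0": ["veth0.1"], "veth0.1": ["veth0"],
    "veth0": [], "veth1": [], "eth9": [],
}


def constructed_lowers(dev: str) -> List[str]:
    return CONSTRUCTED_TOPOLOGY.get(dev, [])
```

Calling check_can_enslave("team0", "veth0", constructed_lowers) returns a refusal, while "veth1" or "eth9" as the port is accepted; automation can gate the ip command on the boolean.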
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-03-06T15:52:09.182Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9822c4522896dcbde2bc
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 5:55:30 AM
Last updated: 8/4/2025, 6:53:13 AM