Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-3r4b-k6qt-wubz
Vulnerability ID VCID-3r4b-k6qt-wubz
Aliases CVE-2024-27010
Summary In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [..... other info removed for brevity....] [ 82.890906] [ 82.890906] ============================================ [ 82.890906] WARNING: possible recursive locking detected [ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W [ 82.890906] -------------------------------------------- [ 82.890906] ping/418 is trying to acquire lock: [ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at: __dev_queue_xmit+0x1778/0x3550 [ 82.890906] [ 82.890906] but task is already holding lock: [ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at: __dev_queue_xmit+0x1778/0x3550 [ 82.890906] [ 82.890906] other info that might help us debug this: [ 82.890906] Possible unsafe locking scenario: [ 82.890906] [ 82.890906] CPU0 [ 82.890906] ---- [ 82.890906] lock(&sch->q.lock); [ 82.890906] lock(&sch->q.lock); [ 82.890906] [ 82.890906] *** DEADLOCK *** [ 82.890906] [..... other info removed for brevity....] Example setup (eth0->eth0) to recreate tc qdisc add dev eth0 root handle 1: htb default 30 tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth0 Another example(eth0->eth1->eth0) to recreate tc qdisc add dev eth0 root handle 1: htb default 30 tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth1 tc qdisc add dev eth1 root handle 1: htb default 30 tc filter add dev eth1 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth0 We fix this by adding an owner field (CPU id) to struct Qdisc set after root qdisc is entered. When the softirq enters it a second time, if the qdisc owner is the same CPU, the packet is dropped to break the loop.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27010.json
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-27010
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-27010
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-27010
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://git.kernel.org/stable/c/0f022d32c3eca477fbf79a205243a6123ed0fe11
ssvc Track https://git.kernel.org/stable/c/e6b90468da4dae2281a6e381107f411efb48b0ef
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27010.json
https://api.first.org/data/v1/epss?cve=CVE-2024-27010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27010
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
0f022d32c3eca477fbf79a205243a6123ed0fe11 https://git.kernel.org/stable/c/0f022d32c3eca477fbf79a205243a6123ed0fe11
2278279 https://bugzilla.redhat.com/show_bug.cgi?id=2278279
e6b90468da4dae2281a6e381107f411efb48b0ef https://git.kernel.org/stable/c/e6b90468da4dae2281a6e381107f411efb48b0ef
RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315
RHSA-2025:3510 https://access.redhat.com/errata/RHSA-2025:3510
USN-6893-1 https://usn.ubuntu.com/6893-1/
USN-6893-2 https://usn.ubuntu.com/6893-2/
USN-6893-3 https://usn.ubuntu.com/6893-3/
USN-6918-1 https://usn.ubuntu.com/6918-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27010.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:03:35Z/ Found at https://git.kernel.org/stable/c/0f022d32c3eca477fbf79a205243a6123ed0fe11
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T15:03:35Z/ Found at https://git.kernel.org/stable/c/e6b90468da4dae2281a6e381107f411efb48b0ef
Exploit Prediction Scoring System (EPSS)
Percentile 0.00517
EPSS Score 7e-05
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:50:13.495213+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0