vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-54683): Linux kernel vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:S/C:N/I:N/A:C)	Jan 11, 2025	Mar 28, 2025	Aug 18, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

Jan 11, 2025

Added

Mar 28, 2025

Modified

Aug 18, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: IDLETIMER: Fix for possible ABBA deadlock

Deletion of the last rule referencing a given idletimer may happen at
the same time as a read of its file in sysfs:

| ======================================================
| WARNING: possible circular locking dependency detected
| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted
| ------------------------------------------------------
| iptables/3303 is trying to acquire lock:
| ffff8881057e04b8 (kn->active#48){++++}-{0:0}, at: __kernfs_remove+0x20
|
| but task is already holding lock:
| ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v]
|
| which lock already depends on the new lock.

A simple reproducer is:

| #!/bin/bash
|
| while true; do
| iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label "testme"
| iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label "testme"
| done &
| while true; do
| cat /sys/class/xt_idletimer/timers/testme >/dev/null
| done

Avoid this by freeing list_mutex right after deleting the element from
the list, then continuing with the teardown.

Solutions

ubuntu-upgrade-linux-image-6-11-0-1007-realtimeubuntu-upgrade-linux-image-6-11-0-1010-raspiubuntu-upgrade-linux-image-6-11-0-1011-awsubuntu-upgrade-linux-image-6-11-0-1011-gcpubuntu-upgrade-linux-image-6-11-0-1011-gcp-64kubuntu-upgrade-linux-image-6-11-0-1011-lowlatencyubuntu-upgrade-linux-image-6-11-0-1011-lowlatency-64kubuntu-upgrade-linux-image-6-11-0-1012-azureubuntu-upgrade-linux-image-6-11-0-1012-azure-fdeubuntu-upgrade-linux-image-6-11-0-1013-oracleubuntu-upgrade-linux-image-6-11-0-1013-oracle-64kubuntu-upgrade-linux-image-6-11-0-1017-oemubuntu-upgrade-linux-image-6-11-0-21-genericubuntu-upgrade-linux-image-6-11-0-21-generic-64kubuntu-upgrade-linux-image-6-8-0-1012-gkeopubuntu-upgrade-linux-image-6-8-0-1016-azure-nvidiaubuntu-upgrade-linux-image-6-8-0-1025-gkeubuntu-upgrade-linux-image-6-8-0-1026-ibmubuntu-upgrade-linux-image-6-8-0-1026-oracleubuntu-upgrade-linux-image-6-8-0-1026-oracle-64kubuntu-upgrade-linux-image-6-8-0-1028-nvidiaubuntu-upgrade-linux-image-6-8-0-1028-nvidia-64kubuntu-upgrade-linux-image-6-8-0-1028-nvidia-lowlatencyubuntu-upgrade-linux-image-6-8-0-1028-nvidia-lowlatency-64kubuntu-upgrade-linux-image-6-8-0-1028-oemubuntu-upgrade-linux-image-6-8-0-1028-raspiubuntu-upgrade-linux-image-6-8-0-1029-awsubuntu-upgrade-linux-image-6-8-0-1029-azureubuntu-upgrade-linux-image-6-8-0-1029-azure-fdeubuntu-upgrade-linux-image-6-8-0-1030-gcpubuntu-upgrade-linux-image-6-8-0-1030-gcp-64kubuntu-upgrade-linux-image-6-8-0-2023-raspi-realtimeubuntu-upgrade-linux-image-6-8-0-60-genericubuntu-upgrade-linux-image-6-8-0-60-generic-64kubuntu-upgrade-linux-image-6-8-0-60-lowlatencyubuntu-upgrade-linux-image-6-8-0-60-lowlatency-64kubuntu-upgrade-linux-image-6-8-1-1022-realtimeubuntu-upgrade-linux-image-awsubuntu-upgrade-linux-image-aws-lts-24-04ubuntu-upgrade-linux-image-azureubuntu-upgrade-linux-image-azure-fdeubuntu-upgrade-linux-image-azure-fde-lts-24-04ubuntu-upgrade-linux-image-azure-lts-24-04ubuntu-upgrade-linux-image-azure-nvidiaubuntu-upgrade-linux-image-gcpubuntu-upgrade-linux-image-gcp-64kubuntu-upgrade-linux-image-gcp-64k-lts-24-04ubuntu-upgrade-linux-image-gcp-lts-24-04ubuntu-upgrade-linux-image-genericubuntu-upgrade-linux-image-generic-64kubuntu-upgrade-linux-image-generic-64k-hwe-22-04ubuntu-upgrade-linux-image-generic-64k-hwe-24-04ubuntu-upgrade-linux-image-generic-hwe-22-04ubuntu-upgrade-linux-image-generic-hwe-24-04ubuntu-upgrade-linux-image-generic-lpaeubuntu-upgrade-linux-image-gkeubuntu-upgrade-linux-image-gkeopubuntu-upgrade-linux-image-gkeop-6-8ubuntu-upgrade-linux-image-ibmubuntu-upgrade-linux-image-ibm-classicubuntu-upgrade-linux-image-ibm-lts-24-04ubuntu-upgrade-linux-image-kvmubuntu-upgrade-linux-image-lowlatencyubuntu-upgrade-linux-image-lowlatency-64kubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04ubuntu-upgrade-linux-image-lowlatency-hwe-22-04ubuntu-upgrade-linux-image-lowlatency-hwe-24-04ubuntu-upgrade-linux-image-nvidiaubuntu-upgrade-linux-image-nvidia-6-8ubuntu-upgrade-linux-image-nvidia-64kubuntu-upgrade-linux-image-nvidia-64k-6-8ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04ubuntu-upgrade-linux-image-nvidia-hwe-22-04ubuntu-upgrade-linux-image-nvidia-lowlatencyubuntu-upgrade-linux-image-nvidia-lowlatency-64kubuntu-upgrade-linux-image-oem-22-04ubuntu-upgrade-linux-image-oem-22-04aubuntu-upgrade-linux-image-oem-22-04bubuntu-upgrade-linux-image-oem-22-04cubuntu-upgrade-linux-image-oem-22-04dubuntu-upgrade-linux-image-oem-24-04ubuntu-upgrade-linux-image-oem-24-04aubuntu-upgrade-linux-image-oem-24-04bubuntu-upgrade-linux-image-oracleubuntu-upgrade-linux-image-oracle-64kubuntu-upgrade-linux-image-oracle-64k-lts-24-04ubuntu-upgrade-linux-image-oracle-lts-24-04ubuntu-upgrade-linux-image-raspiubuntu-upgrade-linux-image-raspi-realtimeubuntu-upgrade-linux-image-realtimeubuntu-upgrade-linux-image-realtime-hwe-24-04ubuntu-upgrade-linux-image-virtualubuntu-upgrade-linux-image-virtual-hwe-22-04ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today