{"api_version":"1","generated_at":"2026-05-13T17:39:30+00:00","cve":"CVE-2024-38589","urls":{"html":"https://cve.report/CVE-2024-38589","api":"https://cve.report/api/cve/CVE-2024-38589.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-38589","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-38589"},"summary":{"title":"netrom: fix possible dead-lock in nr_rt_ioctl()","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n        __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n        _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n        spin_lock_bh include/linux/spinlock.h:356 [inline]\n        nr_remove_node net/netrom/nr_route.c:299 [inline]\n        nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n        nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n        sock_do_ioctl+0x158/0x460 net/socket.c:1222\n        sock_ioctl+0x629/0x8e0 net/socket.c:1341\n        vfs_ioctl fs/ioctl.c:51 [inline]\n        __do_sys_ioctl fs/ioctl.c:904 [inline]\n        __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n        check_prev_add kernel/locking/lockdep.c:3134 [inline]\n        check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n        validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n        __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n        __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n        _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n        spin_lock_bh include/linux/spinlock.h:356 [inline]\n        nr_node_lock include/net/netrom.h:152 [inline]\n        nr_dec_obs net/netrom/nr_route.c:464 [inline]\n        nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n        sock_do_ioctl+0x158/0x460 net/socket.c:1222\n        sock_ioctl+0x629/0x8e0 net/socket.c:1341\n        vfs_ioctl fs/ioctl.c:51 [inline]\n        __do_sys_ioctl fs/ioctl.c:904 [inline]\n        __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(nr_node_list_lock);\n                               lock(&nr_node->node_lock);\n                               lock(nr_node_list_lock);\n  lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n  #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n  #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n  #0: ffffffff8f70\n---truncated---","state":"PUBLISHED","assigner":"Linux","published_at":"2024-06-19 14:15:19","updated_at":"2026-05-12 12:16:54"},"problem_types":["CWE-667"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3","name":"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de","name":"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6","name":"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d","name":"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8","name":"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691","name":"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5","name":"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-613116.html","name":"https://cert-portal.siemens.com/productcert/html/ssa-613116.html","refsource":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5","name":"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7","name":"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","name":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-38589","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38589","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 b9d663fbf74290cb68fbc66ae4367bd56837ad1d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 1fbfb483c1a290dce3f41f52d45cc46dd88b7691 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 b117e5b4f27c2c9076561b6be450a9619f0b79de git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 421c50fa81836775bf0fd6ce0e57a6eb27af24d5 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 5bc50a705cfac8f64ce51c95611c3dd0554ef9c3 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 2.6.12","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 2.6.12 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.19.316 4.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.4.278 5.4.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.219 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.161 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.93 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.33 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.8.12 6.8.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.9.3 6.9.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.10 * original_commit_for_fix","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"RUGGEDCOM RST2428P","version":"affected V3.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family","version":"unaffected * custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SCALANCE XCM-/XRM-/XCH-/XRH-300 family","version":"affected V3.1 custom","platforms":[]},{"source":"ADP","vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","version":"affected * custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2024","cve_id":"38589","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2025-11-04T17:21:39.426Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3"},{"tags":["x_transferred"],"url":"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}],"title":"CVE Program Container"},{"metrics":[{"other":{"content":{"id":"CVE-2024-38589","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-09-10T17:13:46.964501Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-09-11T17:34:54.971Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"defaultStatus":"unknown","product":"RUGGEDCOM RST2428P","vendor":"Siemens","versions":[{"lessThan":"V3.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family","vendor":"Siemens","versions":[{"lessThan":"*","status":"unaffected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SCALANCE XCM-/XRM-/XCH-/XRH-300 family","vendor":"Siemens","versions":[{"lessThan":"V3.1","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unknown","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","vendor":"Siemens","versions":[{"lessThan":"*","status":"affected","version":"0","versionType":"custom"}]}],"providerMetadata":{"dateUpdated":"2026-05-12T11:54:47.272Z","orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP"},"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-613116.html"}],"x_adpType":"supplier"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/netrom/nr_route.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"b9d663fbf74290cb68fbc66ae4367bd56837ad1d","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"1fbfb483c1a290dce3f41f52d45cc46dd88b7691","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"b117e5b4f27c2c9076561b6be450a9619f0b79de","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"421c50fa81836775bf0fd6ce0e57a6eb27af24d5","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"5bc50a705cfac8f64ce51c95611c3dd0554ef9c3","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"},{"lessThan":"e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6","status":"affected","version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["net/netrom/nr_route.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"2.6.12"},{"lessThan":"2.6.12","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"4.19.*","status":"unaffected","version":"4.19.316","versionType":"semver"},{"lessThanOrEqual":"5.4.*","status":"unaffected","version":"5.4.278","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.219","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.161","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.93","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.33","versionType":"semver"},{"lessThanOrEqual":"6.8.*","status":"unaffected","version":"6.8.12","versionType":"semver"},{"lessThanOrEqual":"6.9.*","status":"unaffected","version":"6.9.3","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"6.10","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"4.19.316","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.4.278","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.219","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.161","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.93","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.33","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.8.12","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.3","versionStartIncluding":"2.6.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.10","versionStartIncluding":"2.6.12","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n        __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n        _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n        spin_lock_bh include/linux/spinlock.h:356 [inline]\n        nr_remove_node net/netrom/nr_route.c:299 [inline]\n        nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n        nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n        sock_do_ioctl+0x158/0x460 net/socket.c:1222\n        sock_ioctl+0x629/0x8e0 net/socket.c:1341\n        vfs_ioctl fs/ioctl.c:51 [inline]\n        __do_sys_ioctl fs/ioctl.c:904 [inline]\n        __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n        check_prev_add kernel/locking/lockdep.c:3134 [inline]\n        check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n        validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n        __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n        __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n        _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n        spin_lock_bh include/linux/spinlock.h:356 [inline]\n        nr_node_lock include/net/netrom.h:152 [inline]\n        nr_dec_obs net/netrom/nr_route.c:464 [inline]\n        nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n        sock_do_ioctl+0x158/0x460 net/socket.c:1222\n        sock_ioctl+0x629/0x8e0 net/socket.c:1341\n        vfs_ioctl fs/ioctl.c:51 [inline]\n        __do_sys_ioctl fs/ioctl.c:904 [inline]\n        __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(nr_node_list_lock);\n                               lock(&nr_node->node_lock);\n                               lock(nr_node_list_lock);\n  lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n  #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n  #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n  #0: ffffffff8f70\n---truncated---"}],"providerMetadata":{"dateUpdated":"2026-05-11T20:19:38.826Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d"},{"url":"https://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691"},{"url":"https://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de"},{"url":"https://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5"},{"url":"https://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7"},{"url":"https://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8"},{"url":"https://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5"},{"url":"https://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3"},{"url":"https://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6"}],"title":"netrom: fix possible dead-lock in nr_rt_ioctl()","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2024-38589","datePublished":"2024-06-19T13:45:41.258Z","dateReserved":"2024-06-18T19:36:34.930Z","dateUpdated":"2026-05-12T11:54:47.272Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-06-19 14:15:19","lastModifiedDate":"2026-05-12 12:16:54","problem_types":["CWE-667"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.19.316","matchCriteriaId":"E119EFEF-0E26-41C9-B9A8-A07B90C45CDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.278","matchCriteriaId":"7FDBF235-DA18-49A1-8690-6C7272FD0701"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.219","matchCriteriaId":"E9063AF3-D593-43B7-810D-58B87F82F9F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.161","matchCriteriaId":"31130639-53FE-4726-8986-434EE2528CB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.93","matchCriteriaId":"EEFB78EE-F990-4197-BF1C-156760A55667"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.33","matchCriteriaId":"FCE796DF-3B50-4DC6-BAE5-95271068FC9E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.8.12","matchCriteriaId":"80550309-67AB-4FD1-AC07-3DED5C4F01B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.9.3","matchCriteriaId":"E07124C1-19E8-4D21-828D-9932A01D3011"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"38589","Ordinal":"1","Title":"netrom: fix possible dead-lock in nr_rt_ioctl()","CVE":"CVE-2024-38589","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"38589","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetrom: fix possible dead-lock in nr_rt_ioctl()\n\nsyzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1]\n\nMake sure we always acquire nr_node_list_lock before nr_node_lock(nr_node)\n\n[1]\nWARNING: possible circular locking dependency detected\n6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted\n------------------------------------------------------\nsyz-executor350/5129 is trying to acquire lock:\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_node_lock include/net/netrom.h:152 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:464 [inline]\n ffff8880186e2070 (&nr_node->node_lock){+...}-{2:2}, at: nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n\nbut task is already holding lock:\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_rt_ioctl+0x10a/0x1090 net/netrom/nr_route.c:697\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (nr_node_list_lock){+...}-{2:2}:\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n        __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n        _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n        spin_lock_bh include/linux/spinlock.h:356 [inline]\n        nr_remove_node net/netrom/nr_route.c:299 [inline]\n        nr_del_node+0x4b4/0x820 net/netrom/nr_route.c:355\n        nr_rt_ioctl+0xa95/0x1090 net/netrom/nr_route.c:683\n        sock_do_ioctl+0x158/0x460 net/socket.c:1222\n        sock_ioctl+0x629/0x8e0 net/socket.c:1341\n        vfs_ioctl fs/ioctl.c:51 [inline]\n        __do_sys_ioctl fs/ioctl.c:904 [inline]\n        __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n-> #0 (&nr_node->node_lock){+...}-{2:2}:\n        check_prev_add kernel/locking/lockdep.c:3134 [inline]\n        check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n        validate_chain+0x18cb/0x58e0 kernel/locking/lockdep.c:3869\n        __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137\n        lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754\n        __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]\n        _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178\n        spin_lock_bh include/linux/spinlock.h:356 [inline]\n        nr_node_lock include/net/netrom.h:152 [inline]\n        nr_dec_obs net/netrom/nr_route.c:464 [inline]\n        nr_rt_ioctl+0x1bb/0x1090 net/netrom/nr_route.c:697\n        sock_do_ioctl+0x158/0x460 net/socket.c:1222\n        sock_ioctl+0x629/0x8e0 net/socket.c:1341\n        vfs_ioctl fs/ioctl.c:51 [inline]\n        __do_sys_ioctl fs/ioctl.c:904 [inline]\n        __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890\n        do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n        do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n       entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(nr_node_list_lock);\n                               lock(&nr_node->node_lock);\n                               lock(nr_node_list_lock);\n  lock(&nr_node->node_lock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor350/5129:\n  #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n  #0: ffffffff8f7053b8 (nr_node_list_lock){+...}-{2:2}, at: nr_dec_obs net/netrom/nr_route.c:462 [inline]\n  #0: ffffffff8f70\n---truncated---","Type":"Description","Title":"netrom: fix possible dead-lock in nr_rt_ioctl()"}]}}}