Description

In the Linux kernel, the following vulnerability has been resolved: team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in practice and can lead to recursive locking: $ ip link add veth0 type veth peer name veth1 $ ip link set veth0 up $ ip link set veth1 up $ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1 $ ip link add team0 type team $ ip link set veth0.1 down $ ip link set veth0.1 master team0 team0: Port device veth0.1 added $ ip link set veth0 down $ ip link set veth0 master team0 ============================================ WARNING: possible recursive locking detected 6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted -------------------------------------------- ip/7684 is trying to acquire lock: ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) but task is already holding lock: ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977) other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(team->team_lock_key); lock(team->team_lock_key); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by ip/7684: stack backtrace: CPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:122) print_deadlock_bug.cold (kernel/locking/lockdep.c:3040) __lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226) ? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548) lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2)) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? lock_acquire (kernel/locking/lockdep.c:5822) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) __mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? fib_sync_up (net/ipv4/fib_semantics.c:2167) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) notifier_call_chain (kernel/notifier.c:85) call_netdevice_notifiers_info (net/core/dev.c:1996) __dev_notify_flags (net/core/dev.c:8993) ? __dev_change_flags (net/core/dev.c:8975) dev_change_flags (net/core/dev.c:9027) vlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470) ? br_device_event (net/bridge/br.c:143) notifier_call_chain (kernel/notifier.c:85) call_netdevice_notifiers_info (net/core/dev.c:1996) dev_open (net/core/dev.c:1519 net/core/dev.c:1505) team_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977) ? __pfx_team_add_slave (drivers/net/team/team_core.c:1972) do_set_master (net/core/rtnetlink.c:2917) do_setlink.isra.0 (net/core/rtnetlink.c:3117)

Metrics

 

CVSS Version 4.0 CVSS Version 3.x CVSS Version 2.0

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score:  5.5 MEDIUM

Vector:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/0a7794b9ca78c8e7d001c583bf05736169de3f20	Patch
https://git.kernel.org/stable/c/184a564e6000b41582f160a5be9a9b5aabe22ac1	Patch
https://git.kernel.org/stable/c/1bb06f919fa5bec77ad9b6002525c3dcc5c1fd6c	Patch
https://git.kernel.org/stable/c/3fff5da4ca2164bb4d0f1e6cd33f6eb8a0e73e50	Patch
https://git.kernel.org/stable/c/62ff1615815d565448c37cb8a7a2a076492ec471	Patch
https://git.kernel.org/stable/c/adff6ac889e16d97abd1e4543f533221127e978a	Patch
https://git.kernel.org/stable/c/bd099a2fa9be983ba0e90a57a59484fe9d520ba8	Patch
https://git.kernel.org/stable/c/d9bce1310c0e2a55888e3e08c9f69d8377b3a377	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-667	Improper Locking	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Configuration 1 ( hide )

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    Show Matching CPE(s)	From (including) 3.3	Up to (excluding) 5.4.291
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    Show Matching CPE(s)	From (including) 5.5	Up to (excluding) 5.10.235
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    Show Matching CPE(s)	From (including) 5.11	Up to (excluding) 5.15.179
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    Show Matching CPE(s)	From (including) 5.16	Up to (excluding) 6.1.129
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    Show Matching CPE(s)	From (including) 6.2	Up to (excluding) 6.6.76
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    Show Matching CPE(s)	From (including) 6.7	Up to (excluding) 6.12.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    Show Matching CPE(s)	From (including) 6.13	Up to (excluding) 6.13.2

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Initial Analysis by NIST 3/25/2025 10:22:11 AM

Action	Type	Old Value	New Value
Added	CVSS V3.1		AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE		CWE-667
Added	CPE Configuration		Record truncated, showing 500 of 789 characters. View Entire Change Record OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.13.2 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.76 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.13 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.179 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/0a7794b9ca78c8e7d001c583bf05736169de3f20 Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/184a564e6000b41582f160a5be9a9b5aabe22ac1 Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/1bb06f919fa5bec77ad9b6002525c3dcc5c1fd6c Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/3fff5da4ca2164bb4d0f1e6cd33f6eb8a0e73e50 Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/62ff1615815d565448c37cb8a7a2a076492ec471 Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/adff6ac889e16d97abd1e4543f533221127e978a Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/bd099a2fa9be983ba0e90a57a59484fe9d520ba8 Types: Patch
Added	Reference Type		kernel.org: https://git.kernel.org/stable/c/d9bce1310c0e2a55888e3e08c9f69d8377b3a377 Types: Patch

CVE Modified by kernel.org 3/13/2025 9:15:45 AM

Action	Type	Old Value	New Value
Added	Reference		https://git.kernel.org/stable/c/0a7794b9ca78c8e7d001c583bf05736169de3f20
Added	Reference		https://git.kernel.org/stable/c/62ff1615815d565448c37cb8a7a2a076492ec471
Added	Reference		https://git.kernel.org/stable/c/bd099a2fa9be983ba0e90a57a59484fe9d520ba8

New CVE Received from kernel.org 3/06/2025 11:15:53 AM

Action	Type	Old Value	New Value
Added	Description		Record truncated, showing 500 of 3826 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in practice and can lead to recursive locking: $ ip link add veth0 type veth peer name veth1 $ ip link set veth0 up $ ip link set veth1 up $ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q i
Added	Reference		https://git.kernel.org/stable/c/184a564e6000b41582f160a5be9a9b5aabe22ac1
Added	Reference		https://git.kernel.org/stable/c/1bb06f919fa5bec77ad9b6002525c3dcc5c1fd6c
Added	Reference		https://git.kernel.org/stable/c/3fff5da4ca2164bb4d0f1e6cd33f6eb8a0e73e50
Added	Reference		https://git.kernel.org/stable/c/adff6ac889e16d97abd1e4543f533221127e978a
Added	Reference		https://git.kernel.org/stable/c/d9bce1310c0e2a55888e3e08c9f69d8377b3a377