Login Sign Up

CVE-2024-27010

5.5 MEDIUM
Denial of Service

📋 TL;DR

A deadlock vulnerability in the Linux kernel's traffic control subsystem allows denial of service when mirred actions create recursive packet loops. Systems using Linux kernel traffic shaping with specific mirroring configurations are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Versions before fixes in stable branches (specific commits: 0f022d32c3eca477fbf79a205243a6123ed0fe11, e6b90468da4dae2281a6e381107f411efb48b0ef)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when specific traffic control rules create recursive mirroring (e.g., eth0->eth0 or eth0->eth1->eth0 loops).

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system lockup requiring hard reboot, causing extended service disruption.

🟠

Likely Case

Local denial of service affecting network traffic on affected interfaces, potentially disrupting services.

🟢

If Mitigated

Minimal impact if traffic control rules avoid recursive mirroring scenarios.

🌐 Internet-Facing: LOW - Requires specific local configuration and privileged access to trigger.
🏢 Internal Only: MEDIUM - Internal administrators or compromised accounts could trigger denial of service.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires CAP_NET_ADMIN or root privileges to configure traffic control rules. The provided tc commands demonstrate trigger conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 0f022d32c3eca477fbf79a205243a6123ed0fe11 and e6b90468da4dae2281a6e381107f411efb48b0ef

Vendor Advisory: https://git.kernel.org/stable/c/0f022d32c3eca477fbf79a205243a6123ed0fe11

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version with 'uname -r'.

🔧 Temporary Workarounds

Remove recursive traffic control rules

linux

Identify and remove any tc rules that create mirroring loops between interfaces

tc filter show dev eth0
tc filter del dev eth0 parent 1: prio 2
tc filter show dev eth1
tc filter del dev eth1 parent 1: prio 2

🧯 If You Can't Patch

  • Audit all traffic control configurations for recursive mirroring patterns
  • Restrict CAP_NET_ADMIN capabilities to minimize attack surface

🔍 How to Verify

Check if Vulnerable:

Check kernel version and examine tc rules for recursive mirroring patterns like 'action mirred egress redirect dev eth0' on eth0 itself

Check Version:

uname -r

Verify Fix Applied:

After patching, test with provided tc commands - system should not deadlock and packets should be dropped instead

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing 'possible recursive locking detected' or 'DEADLOCK' warnings
  • System becoming unresponsive with high CPU usage in network stack

Network Indicators:

  • Sudden loss of network connectivity on specific interfaces
  • Abnormal traffic patterns with packet loops

SIEM Query:

source="kernel" AND ("recursive locking" OR "DEADLOCK" OR "mirred")

📊 Metadata

CVE ID: CVE-2024-27010
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-667
Published: May 1, 2024
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27010, you might also want to check these:

CVE-2020-12658 9.8

CVE-2020-12658 is a critical vulnerability in gssproxy (GSS-API proxy daemon) where improper mutex h...

Same vulnerability type (CWE-667)
CVE-2020-11284 8.4

This vulnerability allows non-secure boot loaders to unlock and modify memory regions that should re...

Same vulnerability type (CWE-667)
CVE-2021-22530 8.2

CVE-2021-22530 is an authentication bypass vulnerability in NetIQ Advanced Authentication that allow...

Same vulnerability type (CWE-667)