CVE-2024-54683: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-54683 is a vulnerability in the Linux kernel's netfilter IDLETIMER implementation that was discovered and resolved in January 2025. The issue affects Linux kernel versions from 2.6.36 up to (excluding) 6.6.67 and from 6.7 up to (excluding) 6.12.6, including release candidates 6.13-rc1 and 6.13-rc2. The vulnerability involves a potential ABBA deadlock condition in the netfilter IDLETIMER component (NVD).

The vulnerability is characterized by a possible circular locking dependency that occurs when deleting the last rule referencing a given idletimer simultaneously with a read of its file in sysfs. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-667 (Improper Locking) (NVD).

The vulnerability can lead to a deadlock condition in the Linux kernel's netfilter IDLETIMER component, potentially affecting system availability. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, there is a high impact on availability when successfully exploited (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves modifying the locking mechanism to free the list_mutex immediately after deleting the element from the list, before proceeding with the teardown process. The patch has been applied to multiple kernel versions (Kernel Patch).