CVE-2024-26643

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/03/2024
Last modified:
13/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout<br /> <br /> While the rhashtable set gc runs asynchronously, a race allows it to<br /> collect elements from anonymous sets with timeouts while it is being<br /> released from the commit path.<br /> <br /> Mingi Cho originally reported this issue in a different path in 6.1.x<br /> with a pipapo set with low timeouts which is not possible upstream since<br /> 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set<br /> element timeout").<br /> <br /> Fix this by setting on the dead flag for anonymous sets to skip async gc<br /> in this case.<br /> <br /> According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on<br /> transaction abort"), Florian plans to accelerate abort path by releasing<br /> objects via workqueue, therefore, this sets on the dead flag for abort<br /> path too.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4.274 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.215 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.154 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.84 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.24 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.12 (excluding)
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*