Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-27011

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/05/2024
Last modified:
04/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nf_tables: fix memleak in map from abort path<br /> <br /> The delete set command does not rely on the transaction object for<br /> element removal, therefore, a combination of delete element + delete set<br /> from the abort path could result in restoring twice the refcount of the<br /> mapping.<br /> <br /> Check for inactive element in the next generation for the delete element<br /> command in the abort path, skip restoring state if next generation bit<br /> has been already cleared. This is similar to the activate logic using<br /> the set walk iterator.<br /> <br /> [ 6170.286929] ------------[ cut here ]------------<br /> [ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]<br /> [ 6170.287071] Modules linked in: [...]<br /> [ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365<br /> [ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]<br /> [ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f<br /> [ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202<br /> [ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000<br /> [ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750<br /> [ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55<br /> [ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10<br /> [ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100<br /> [ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000<br /> [ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> [ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0<br /> [ 6170.287962] Call Trace:<br /> [ 6170.287967] <br /> [ 6170.287973] ? __warn+0x9f/0x1a0<br /> [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]<br /> [ 6170.288092] ? report_bug+0x1b1/0x1e0<br /> [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]<br /> [ 6170.288092] ? report_bug+0x1b1/0x1e0<br /> [ 6170.288104] ? handle_bug+0x3c/0x70<br /> [ 6170.288112] ? exc_invalid_op+0x17/0x40<br /> [ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20<br /> [ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]<br /> [ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]<br /> [ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]<br /> [ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.12 (including) 6.8.8 (excluding)
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools