5.5

CVE-2024-26643

EPSS 0.01%
Published 21.03.2024 11:15:28
Last modified 13.03.2025 21:20:19
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout

While the rhashtable set gc runs asynchronously, a race allows it to
collect elements from anonymous sets with timeouts while it is being
released from the commit path.

Mingi Cho originally reported this issue in a different path in 6.1.x
with a pipapo set with low timeouts which is not possible upstream since
7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set
element timeout").

Fix this by setting on the dead flag for anonymous sets to skip async gc
in this case.

According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on
transaction abort"), Florian plans to accelerate abort path by releasing
objects via workqueue, therefore, this sets on the dead flag for abort
path too.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.4.274

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.215

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.154

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.84

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.24

Linux ≫ Linux Kernel Version >= 6.7 < 6.7.12

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.008

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Mailing List

https://git.kernel.org/stable/c/291cca35818bd52a407bc37ab45a15816039e363

Patch

https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163

Patch

https://git.kernel.org/stable/c/5224afbc30c3ca9ba23e752f0f138729b2c48dd8

Patch

https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36

Patch

https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1

Patch

https://git.kernel.org/stable/c/d75a589bb92af1abf3b779cfcd1977ca11b27033

Patch

https://git.kernel.org/stable/c/e2d45f467096e931044f0ab7634499879d851a5c

Patch

https://git.kernel.org/stable/c/edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-26643

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26643

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26643

EUVD