5.5

CVE-2024-26809

netfilter: nft_set_pipapo: release elements in clone only from destroy path

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: release elements in clone only from destroy path

Clone already always provides a current view of the lookup table, use it
to destroy the set, otherwise it is possible to destroy elements twice.

This fix requires:

 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")

which came after:

 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.10.130 < 5.10.214
LinuxLinux Kernel Version >= 5.15.54 < 5.15.153
LinuxLinux Kernel Version >= 5.18.11 < 6.1.83
LinuxLinux Kernel Version >= 6.2 < 6.6.23
LinuxLinux Kernel Version >= 6.7 < 6.7.11
LinuxLinux Kernel Version >= 6.8 < 6.8.2
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.196
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Mailing List
https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c
Patch
https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af
Patch
https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b
Patch
https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2
Patch
https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee
Patch
https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144
Patch
https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2
Patch