5.5

CVE-2024-35898

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can
concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().
And thhere is not any protection when iterate over nf_tables_flowtables
list in __nft_flowtable_type_get(). Therefore, there is pertential
data-race of nf_tables_flowtables list entry.

Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list
in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller
nft_flowtable_type_get() to protect the entire type query process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.16 < 4.19.312
LinuxLinux Kernel Version >= 4.20 < 5.4.274
LinuxLinux Kernel Version >= 5.5 < 5.10.215
LinuxLinux Kernel Version >= 5.11 < 5.15.154
LinuxLinux Kernel Version >= 5.16 < 6.1.85
LinuxLinux Kernel Version >= 6.2 < 6.6.26
LinuxLinux Kernel Version >= 6.7 < 6.8.5
LinuxLinux Kernel Version6.9 Updaterc1
LinuxLinux Kernel Version6.9 Updaterc2
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.092
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Third Party Advisory
Mailing List
https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304
Patch
https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8
Patch
https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007
Patch
https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df
Patch
https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331
Patch
https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b
Patch
https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77
Patch
https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859
Patch
https://cert-portal.siemens.com/productcert/html/ssa-265688.html