5.5

CVE-2024-35900

EPSS 0.02%
Veröffentlicht 19.05.2024 09:15:10
Zuletzt bearbeitet 17.12.2025 03:42:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject new basechain after table flag update

When dormant flag is toggled, hooks are disabled in the commit phase by
iterating over current chains in table (existing and new).

The following configuration allows for an inconsistent state:

  add table x
  add chain x y { type filter hook input priority 0; }
  add table x { flags dormant; }
  add chain x w { type filter hook input priority 1; }

which triggers the following warning when trying to unregister chain w
which is already unregistered.

[  127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:50                                                                     1 __nf_unregister_net_hook+0x21a/0x260
[...]
[  127.322519] Call Trace:
[  127.322521]  <TASK>
[  127.322524]  ? __warn+0x9f/0x1a0
[  127.322531]  ? __nf_unregister_net_hook+0x21a/0x260
[  127.322537]  ? report_bug+0x1b1/0x1e0
[  127.322545]  ? handle_bug+0x3c/0x70
[  127.322552]  ? exc_invalid_op+0x17/0x40
[  127.322556]  ? asm_exc_invalid_op+0x1a/0x20
[  127.322563]  ? kasan_save_free_info+0x3b/0x60
[  127.322570]  ? __nf_unregister_net_hook+0x6a/0x260
[  127.322577]  ? __nf_unregister_net_hook+0x21a/0x260
[  127.322583]  ? __nf_unregister_net_hook+0x6a/0x260
[  127.322590]  ? __nf_tables_unregister_hook+0x8a/0xe0 [nf_tables]
[  127.322655]  nft_table_disable+0x75/0xf0 [nf_tables]
[  127.322717]  nf_tables_commit+0x2571/0x2620 [nf_tables]

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.4.262 < 5.4.274

Linux ≫ Linux Kernel Version >= 5.10.202 < 5.10.215

Linux ≫ Linux Kernel Version >= 5.13.1 < 5.15.154

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.85

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.26

Linux ≫ Linux Kernel Version >= 6.7 < 6.8.5

Linux ≫ Linux Kernel Version5.13 Update-

Linux ≫ Linux Kernel Version5.13 Updaterc5

Linux ≫ Linux Kernel Version5.13 Updaterc6

Linux ≫ Linux Kernel Version5.13 Updaterc7

Linux ≫ Linux Kernel Version6.9 Updaterc1

Linux ≫ Linux Kernel Version6.9 Updaterc2

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.026

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Third Party Advisory

Mailing List

https://git.kernel.org/stable/c/41bad13c0e8a5a2b47a7472cced922555372daab

Patch

https://git.kernel.org/stable/c/420132bee3d0136b7fba253a597b098fe15493a7

Patch

https://git.kernel.org/stable/c/6d12f21f8bbe23fde25b77c2bf5973c136b8bef8

Patch

https://git.kernel.org/stable/c/745cf6a843896cdac8766c74379300ed73c78830

Patch

https://git.kernel.org/stable/c/7b6fba6918714afee3e17796113ccab636255c7b

Patch

https://git.kernel.org/stable/c/8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb

Patch

https://git.kernel.org/stable/c/994209ddf4f430946f6247616b2e33d179243769

Patch

https://git.kernel.org/stable/c/e95bb4cba94c018be24b11f017d1c55dd6cda31a

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-35900

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35900

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35900

EUVD