5.5

CVE-2024-35900

EPSS 0.02%
Veröffentlicht 19.05.2024 09:15:10
Zuletzt bearbeitet 12.05.2026 12:16:40
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

netfilter: nf_tables: reject new basechain after table flag update

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject new basechain after table flag update

When dormant flag is toggled, hooks are disabled in the commit phase by
iterating over current chains in table (existing and new).

The following configuration allows for an inconsistent state:

  add table x
  add chain x y { type filter hook input priority 0; }
  add table x { flags dormant; }
  add chain x w { type filter hook input priority 1; }

which triggers the following warning when trying to unregister chain w
which is already unregistered.

[  127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:50                                                                     1 __nf_unregister_net_hook+0x21a/0x260
[...]
[  127.322519] Call Trace:
[  127.322521]  <TASK>
[  127.322524]  ? __warn+0x9f/0x1a0
[  127.322531]  ? __nf_unregister_net_hook+0x21a/0x260
[  127.322537]  ? report_bug+0x1b1/0x1e0
[  127.322545]  ? handle_bug+0x3c/0x70
[  127.322552]  ? exc_invalid_op+0x17/0x40
[  127.322556]  ? asm_exc_invalid_op+0x1a/0x20
[  127.322563]  ? kasan_save_free_info+0x3b/0x60
[  127.322570]  ? __nf_unregister_net_hook+0x6a/0x260
[  127.322577]  ? __nf_unregister_net_hook+0x21a/0x260
[  127.322583]  ? __nf_unregister_net_hook+0x6a/0x260
[  127.322590]  ? __nf_tables_unregister_hook+0x8a/0xe0 [nf_tables]
[  127.322655]  nft_table_disable+0x75/0xf0 [nf_tables]
[  127.322717]  nf_tables_commit+0x2571/0x2620 [nf_tables]

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

NVD 13 VulnDex Vulnerability Enrichment 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.4.262 < 5.4.274

Linux ≫ Linux Kernel Version >= 5.10.202 < 5.10.215

Linux ≫ Linux Kernel Version >= 5.13.1 < 5.15.154

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.85

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.26

Linux ≫ Linux Kernel Version >= 6.7 < 6.8.5

Linux ≫ Linux Kernel Version5.13 Update-

Linux ≫ Linux Kernel Version5.13 Updaterc5

Linux ≫ Linux Kernel Version5.13 Updaterc6

Linux ≫ Linux Kernel Version5.13 Updaterc7

Linux ≫ Linux Kernel Version6.9 Updaterc1

Linux ≫ Linux Kernel Version6.9 Updaterc2

Debian ≫ Debian Linux Version10.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.026

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Third Party Advisory

Mailing List

https://git.kernel.org/stable/c/41bad13c0e8a5a2b47a7472cced922555372daab

Patch

https://git.kernel.org/stable/c/420132bee3d0136b7fba253a597b098fe15493a7

Patch

https://git.kernel.org/stable/c/6d12f21f8bbe23fde25b77c2bf5973c136b8bef8

Patch

https://git.kernel.org/stable/c/745cf6a843896cdac8766c74379300ed73c78830

Patch

https://git.kernel.org/stable/c/7b6fba6918714afee3e17796113ccab636255c7b

Patch

https://git.kernel.org/stable/c/8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb

Patch

https://git.kernel.org/stable/c/994209ddf4f430946f6247616b2e33d179243769

Patch

https://git.kernel.org/stable/c/e95bb4cba94c018be24b11f017d1c55dd6cda31a

Patch

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

https://nvd.nist.gov/vuln/detail/CVE-2024-35900

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35900

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35900

EUVD