CVE-2024-39503

EPSS 0.01%
Published 12.07.2024 13:15:12
Last modified 17.09.2025 15:28:50
Source 416baaa9-dc9f-4396-8d5f-8c081f
Teams watchlist Login
Open Login

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type

Lion Ackermann reported that there is a race condition between namespace cleanup
in ipset and the garbage collection of the list:set type. The namespace
cleanup can destroy the list:set type of sets while the gc of the set type is
waiting to run in rcu cleanup. The latter uses data from the destroyed set which
thus leads use after free. The patch contains the following parts:

- When destroying all sets, first remove the garbage collectors, then wait
  if needed and then destroy the sets.
- Fix the badly ordered "wait then remove gc" for the destroy a single set
  case.
- Fix the missing rcu locking in the list:set type in the userspace test
  case.
- Use proper RCU list handlings in the list:set type.

The patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc).

Affected products Warnungen 0 Metrics 2 CWE 2 References 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.4.269 < 5.4.279

Linux ≫ Linux Kernel Version >= 5.10.210 < 5.10.221

Linux ≫ Linux Kernel Version >= 5.15.149 < 5.15.162

Linux ≫ Linux Kernel Version >= 6.1.79 < 6.1.95

Linux ≫ Linux Kernel Version >= 6.6.18 < 6.6.35

Linux ≫ Linux Kernel Version >= 6.7.6 < 6.8

Linux ≫ Linux Kernel Version >= 6.8.1 < 6.9.6

Linux ≫ Linux Kernel Version6.8 Update-

Linux ≫ Linux Kernel Version6.8 Updaterc3

Linux ≫ Linux Kernel Version6.8 Updaterc4

Linux ≫ Linux Kernel Version6.8 Updaterc5

Linux ≫ Linux Kernel Version6.8 Updaterc6

Linux ≫ Linux Kernel Version6.8 Updaterc7

Linux ≫ Linux Kernel Version6.10 Updaterc1

Linux ≫ Linux Kernel Version6.10 Updaterc2

Linux ≫ Linux Kernel Version6.10 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.011

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/0f1bb77c6d837c9513943bc7c08f04c5cc5c6568

Patch

https://git.kernel.org/stable/c/2ba35b37f780c6410bb4bba9c3072596d8576702

Patch

https://git.kernel.org/stable/c/390b353d1a1da3e9c6c0fd14fe650d69063c95d6

Patch

https://git.kernel.org/stable/c/4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10

Patch

https://git.kernel.org/stable/c/90ae20d47de602198eb69e6cd7a3db3420abfc08

Patch

https://git.kernel.org/stable/c/93b53c202b51a69e42ca57f5a183f7e008e19f83

Patch