5.5

CVE-2024-40993

netfilter: ipset: Fix suspicious rcu_dereference_protected()

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: Fix suspicious rcu_dereference_protected()

When destroying all sets, we are either in pernet exit phase or
are executing a "destroy all sets command" from userspace. The latter
was taken into account in ip_set_dereference() (nfnetlink mutex is held),
but the former was not. The patch adds the required check to
rcu_dereference_protected() in ip_set_dereference().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version6.1.95
LinuxLinux Kernel Version6.6.35
LinuxLinux Kernel Version6.9.6
LinuxLinux Kernel Version6.10 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.196
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/3799d02ae4208af08e81310770d8754863a246a1
Patch
https://git.kernel.org/stable/c/3fc09e1ca854bc234e007a56e0f7431f5e2defb5
Patch
https://git.kernel.org/stable/c/523bed6489e089dd8040e72453fb79da47b144c2
Patch
https://git.kernel.org/stable/c/72d9611968867cc4c5509e7708b1507d692b797a
Patch
https://git.kernel.org/stable/c/788d585e62f487bc4536d454937f737b70d39a33
Patch
https://git.kernel.org/stable/c/8ecd06277a7664f4ef018abae3abd3451d64e7a6
Patch
https://git.kernel.org/stable/c/94dd411c18d7fff9e411555d5c662d29416501e4
Patch
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://cert-portal.siemens.com/productcert/html/ssa-265688.html