CVE-2024-26581

netfilter: nft_set_rbtree: skip end interval element from gc

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has
been just added in this transactions, skip end interval elements that
are not yet active.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_set_rbtree: omitir elemento de intervalo final de gc rbtree lazy gc al insertar puede recopilar un elemento de intervalo final que se acaba de agregar en estas transacciones, omitir elementos de intervalo final que aún no están activo.

A flaw was found in the Linux kernel’s Netfilter subsystem. This issue occurs in the nft_set_rbtree. rbtree lazy gc on insert, which might collect an end interval element just added in a transaction and skip the end interval elements not yet active.

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active.

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-02-20 CVE Published
2024-09-23 First Exploit
2025-04-15 EPSS Updated
2025-05-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-416: Use After Free

CAPEC

References (18)

URL	Tag	Source
https://git.kernel.org/stable/c/acaee227cf79c45a5d2d49c3e9a66333a462802c	Vuln. Introduced
https://git.kernel.org/stable/c/893cb3c3513cf661a0ff45fe0cfa83fe27131f76	Vuln. Introduced
https://git.kernel.org/stable/c/50cbb9d195c197af671869c8cadce3bd483735a0	Vuln. Introduced
https://git.kernel.org/stable/c/89a4d1a89751a0fbd520e64091873e19cc0979e8	Vuln. Introduced
https://git.kernel.org/stable/c/f718863aca469a109895cb855e6b81fff4827d71	Vuln. Introduced
https://git.kernel.org/stable/c/cd66733932399475fe933cb3ec03e687ed401462	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC
https://github.com/madfxr/CVE-2024-26581-Checker	2024-09-23

URL	Date	SRC
https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8	2024-02-23
https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a	2024-02-23
https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003	2024-02-23
https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb	2024-02-16
https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7	2024-02-16
https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9	2024-02-16
https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0	2024-02-08
https://git.kernel.org/stable/c/c60d252949caf9aba537525195edae6bbabc35eb	2024-06-16

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-26581	2024-08-28
https://bugzilla.redhat.com/show_bug.cgi?id=2265185	2024-08-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.262 < 5.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.262 < 5.4.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.190 < 5.10.210 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.190 < 5.10.210"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.124 < 5.15.149 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.124 < 5.15.149"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.43 < 6.1.78 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.43 < 6.1.78"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.6.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.6.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.7.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.7.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.4.8 Search vendor "Linux" for product "Linux Kernel" and version "6.4.8"		en		Affected