CVE-2024-26809

netfilter: nft_set_pipapo: release elements in clone only from destroy path

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path Clone already always provides a current view of the lookup table, use it
to destroy the set, otherwise it is possible to destroy elements twice. This fix requires: 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol") which came after: 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_set_pipapo: libera elementos en el clon solo desde la ruta de destrucción. El clon ya siempre proporciona una vista actual de la tabla de búsqueda, úsala para destruir el conjunto; de lo contrario, es posible destruir elementos. dos veces. Esta solución requiere: 212ed75dc5fb ("netfilter: nf_tables: integrar pipapo en el protocolo de confirmación") que vino después: 9827a0e6e23b ("netfilter: nft_set_pipapo: liberar elementos en clon desde la ruta de cancelación").

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix requires: 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol") which came after: 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-04 CVE Published
2024-04-05 EPSS Updated
2024-12-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/4a6430b99f67842617c7208ca55a411e903ba03a	Vuln. Introduced
https://git.kernel.org/stable/c/5ccecafc728b0df48263d5ac198220bcd79830bc	Vuln. Introduced
https://git.kernel.org/stable/c/9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e	Vuln. Introduced
https://git.kernel.org/stable/c/d2b18d110685ce46ca1633b8ec586c685e243a51	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144	2024-03-26
https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c	2024-03-26
https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af	2024-03-26
https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2	2024-03-26
https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b	2024-03-26
https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2	2024-03-26
https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee	2024-03-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.130 < 5.10.214 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.130 < 5.10.214"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.54 < 5.15.153 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.54 < 5.15.153"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.1.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.1.83"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.6.23 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.6.23"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.7.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.7.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.8.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.8.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.19 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.18.11 Search vendor "Linux" for product "Linux Kernel" and version "5.18.11"		en		Affected