CVE-2024-26835

netfilter: nf_tables: set dormant flag on hook register failure

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: set dormant flag on hook register failure

We need to set the dormant flag again if we fail to register
the hooks.

During memory pressure hook registration can fail and we end up
with a table marked as active but no registered hooks.

On table/base chain deletion, nf_tables will attempt to unregister
the hook again which yields a warn splat from the nftables core.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: establece el indicador inactivo en caso de error en el registro del enlace. Necesitamos configurar el indicador inactivo nuevamente si no logramos registrar los enlaces. Durante la presión de la memoria, el registro de ganchos puede fallar y terminamos con una tabla marcada como activa pero sin ganchos registrados. Al eliminar la tabla/cadena base, nf_tables intentará cancelar el registro del gancho nuevamente, lo que genera un símbolo de advertencia desde el núcleo de nftables.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-04-17 CVE Published
2024-04-18 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (12)

URL	Tag	Source
https://git.kernel.org/stable/c/e10f661adc556c4969c70ddaddf238bffdaf1e87	Vuln. Introduced
https://git.kernel.org/stable/c/d9c4da8cb74e8ee6e58a064a3573aa37acf6c935	Vuln. Introduced
https://git.kernel.org/stable/c/179d9ba5559a756f4322583388b3213fe4e391b0	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3	2024-03-01
https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af	2024-03-01
https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be	2024-03-01
https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376	2024-03-01
https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069	2024-03-01
https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95	2024-03-01
https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec	2024-02-21
https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7	2024-06-16

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.262 < 5.4.270 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.262 < 5.4.270"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.202 < 5.10.211 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.202 < 5.10.211"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.15.150 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.150"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.1.80 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.1.80"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.6.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.7.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.7.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.8"		en		Affected