// For flags

CVE-2024-26910

netfilter: ipset: fix performance regression in swap operation

Severity Score

4.7
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: fix performance regression in swap operation

The patch "netfilter: ipset: fix race condition between swap/destroy
and kernel side add/del/test", commit 28628fa9 fixes a race condition.
But the synchronize_rcu() added to the swap function unnecessarily slows
it down: it can safely be moved to destroy and use call_rcu() instead.

Eric Dumazet pointed out that simply calling the destroy functions as
rcu callback does not work: sets with timeout use garbage collectors
which need cancelling at destroy which can wait. Therefore the destroy
functions are split into two: cancelling garbage collectors safely at
executing the command received by netlink and moving the remaining
part only into the rcu callback.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: ipset: corrige la regresión de rendimiento en la operación de intercambio El parche "netfilter: ipset: corrige la condición de ejecución entre swap/destroy y add/del/test del lado del kernel", commit 28628fa9 corrige un condición de ejecución. Pero elsync_rcu() agregado a la función swap la ralentiza innecesariamente: se puede mover con seguridad para destruir y usar call_rcu() en su lugar. Eric Dumazet señaló que simplemente llamar a las funciones de destrucción como devolución de llamada de rcu no funciona: los conjuntos con tiempo de espera usan recolectores de basura que necesitan cancelarse en la destrucción y que pueden esperar. Por lo tanto, las funciones de destrucción se dividen en dos: cancelar los recolectores de basura de forma segura al ejecutar el comando recibido por netlink y mover la parte restante solo a la devolución de llamada de rcu.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-04-17 CVE Published
  • 2024-04-30 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.4.264 < 5.4.269
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.264 < 5.4.269"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.10.204 < 5.10.210
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.204 < 5.10.210"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 5.15.143 < 5.15.149
Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.143 < 5.15.149"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.1.68 < 6.1.79
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.68 < 6.1.79"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.6.7 < 6.6.18
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.7 < 6.6.18"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.7 < 6.7.6
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.7.6"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 6.7 < 6.8
Search vendor "Linux" for product "Linux Kernel" and version " >= 6.7 < 6.8"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
4.19.302
Search vendor "Linux" for product "Linux Kernel" and version "4.19.302"
en
Affected