CVE-2024-26925
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
Public Exploits: 0
Exploited in Wild: -
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
The commit mutex should not be released during the critical section
between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC
worker could collect expired objects and get the released commit lock
within the same GC sequence.
nf_tables_module_autoload() temporarily releases the mutex to load
module dependencies, then it goes back to replay the transaction again.
Move it at the end of the abort phase after nft_gc_seq_end() is called.
A flaw was found in the Linux kernel’s Netfilter nf_tables module. The issue arises from improper mutex handling during the garbage collection (GC) process. The problem occurs between the critical functions nft_gc_seq_begin() and nft_gc_seq_end(), where a mutex lock is incorrectly released too early, leading to potential race conditions. This issue could allow an asynchronous GC worker to collect expired objects and improperly obtain the released commit lock within the same sequence, potentially causing system instability or data corruption.
This vulnerability can be exploited by attackers with local access, leading to unexpected behavior or even privilege escalation under certain conditions. The kernel patch for this issue moves the mutex release to the correct point, ensuring the sequence completes safely before releasing any locks.
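The ordering problem described above, as an added example that is not kernel code and not part of the original advisory: a single-threaded model in which the abort path opens the sequence, an asynchronous worker samples it, and the module-autoload window releases the mutex either before or after the sequence is closed. All names (`struct model`, `worker_collect`, `worker_commit`, `autoload_window`, `abort_path`) are hypothetical, and the worker's "sequence unchanged" check is an assumption about how it validates its batch.

```c
/* Simplified, constructed model of the lock/sequence ordering; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
struct model {
    unsigned gc_seq;      /* bumped once by seq_begin() and once by seq_end() */
    bool mutex_held;      /* commit mutex owned by the abort path */
    unsigned worker_seq;  /* sequence the GC worker saw when it collected */
};

static void seq_begin(struct model *m) { m->gc_seq++; }
static void seq_end(struct model *m)   { m->gc_seq++; }
/* Async worker collects expired objects and remembers the current sequence. */
static void worker_collect(struct model *m) { m->worker_seq = m->gc_seq; }

/* Worker acts on its batch only if it can take the mutex and the
 * sequence has not moved since collection (assumed validation step). */
static bool worker_commit(const struct model *m)
{
    return !m->mutex_held && m->worker_seq == m->gc_seq;
}

/* Autoload window: mutex dropped, worker gets a chance, mutex retaken. */
static bool autoload_window(struct model *m)
{
    m->mutex_held = false;
    bool ran = worker_commit(m);
    m->mutex_held = true;
    return ran;
}

/* Returns true if the worker acted on a batch collected mid-abort. */
bool abort_path(bool fixed_order)
{
    struct model m = { .gc_seq = 0, .mutex_held = true };
    bool raced = false;
    seq_begin(&m);
    worker_collect(&m);               /* worker samples inside the section */
    if (!fixed_order)
        raced = autoload_window(&m);  /* pre-fix: unlock before seq_end() */
    seq_end(&m);
    if (fixed_order)
        raced = autoload_window(&m);  /* post-fix: unlock after seq_end() */
    return raced;
}

int main(void)
{
    printf("pre-fix raced=%d post-fix raced=%d\n", abort_path(false), abort_path(true));
    return 0;
}
```

With the release moved after the sequence is closed, the worker's sampled sequence no longer matches and its batch is discarded instead of being processed against a half-aborted transaction.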
SSVC
- Decision: Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-04-24 CVE Published
- 2024-04-25 EPSS Updated
- 2024-12-19 CVE Updated
CWE
- CWE-667: Improper Locking
References (17)
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-26925 | 2024-08-28 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2277166 | 2024-08-28 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 5.4.262 < 5.4.274 | en | Affected |
Linux | Linux Kernel | >= 5.10.198 < 5.10.215 | en | Affected |
Linux | Linux Kernel | >= 5.15.134 < 5.15.155 | en | Affected |
Linux | Linux Kernel | >= 6.1.56 < 6.1.86 | en | Affected |
Linux | Linux Kernel | >= 6.5 < 6.6.26 | en | Affected |
Linux | Linux Kernel | >= 6.5 < 6.8.5 | en | Affected |
Linux | Linux Kernel | >= 6.5 < 6.9 | en | Affected |
Linux | Linux Kernel | 4.19.316 | en | Affected |
Linux | Linux Kernel | 6.4.13 | en | Affected |