CVE-2024-27017
netfilter: nft_set_pipapo: walk over current view on netlink dump
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: walk over current view on netlink dump
The generation mask can be updated while netlink dump is in progress.
The pipapo set backend walk iterator cannot rely on it to infer what
view of the datastructure is to be used. Add notation to specify if user
wants to read/update the set.
Based on patch from Florian Westphal.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_set_pipapo: recorra la vista actual en el volcado de netlink. La máscara de generación se puede actualizar mientras el volcado de netlink está en progreso. El iterador de recorrido backend del conjunto pipapo no puede confiar en él para inferir qué vista de la estructura de datos se va a utilizar. Agregue notación para especificar si el usuario desea leer/actualizar el conjunto. Basado en un parche de Florian Westphal.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-05-01 CVE Published
- 2024-09-30 CVE Updated
- 2024-10-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/0d836f917520300a8725a5dbdad4406438d0cead | Vuln. Introduced | |
| https://git.kernel.org/stable/c/2b84e215f87443c74ac0aa7f76bb172d43a87033 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/2a90da8e0dd50f42e577988f4219f4f4cd3616b7 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/45eb6944d0f55102229115de040ef3a48841434a | Vuln. Introduced | |
| https://git.kernel.org/stable/c/f661383b5f1aaac3fe121b91e04332944bc90193 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.36 < 6.1.112 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.36 < 6.1.112" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.6.53 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.6.53" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.8.8" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.9" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.10.186 Search vendor "Linux" for product "Linux Kernel" and version "5.10.186" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 5.15.119 Search vendor "Linux" for product "Linux Kernel" and version "5.15.119" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.3.10 Search vendor "Linux" for product "Linux Kernel" and version "6.3.10" | en |
Affected
| ||||||