CVE-2024-27395

net: openvswitch: Fix Use-After-Free in ovs_ct_exit

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: Fix Use-After-Free in ovs_ct_exit

Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal
of ovs_ct_limit_exit, is not part of the RCU read critical section, it
is possible that the RCU grace period will pass during the traversal and
the key will be free.

To prevent this, it should be changed to hlist_for_each_entry_safe.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: openvswitch: Fix Use-After-Free en ovs_ct_exit Dado que kfree_rcu, que se llama en el recorrido hlist_for_each_entry_rcu de ovs_ct_limit_exit, no forma parte de la sección crítica de lectura de RCU, es posible que el período de gracia de RCU pasará durante el recorrido y la clave quedará libre. Para evitar esto, se debe cambiar a hlist_for_each_entry_safe.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-05-09 CVE Published
2024-05-10 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/11efd5cb04a184eea4f57b68ea63dddd463158d1	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/2db9a8c0a01fa1c762c1e61a13c212c492752994	2024-05-02
https://git.kernel.org/stable/c/589523cf0b384164e445dd5db8d5b1bf97982424	2024-05-02
https://git.kernel.org/stable/c/35880c3fa6f8fe281a19975d2992644588ca33d3	2024-05-02
https://git.kernel.org/stable/c/9048616553c65e750d43846f225843ed745ec0d4	2024-05-02
https://git.kernel.org/stable/c/bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1	2024-05-02
https://git.kernel.org/stable/c/eaa5e164a2110d2fb9e16c8a29e4501882235137	2024-05-02
https://git.kernel.org/stable/c/edee0758747d7c219e29db9ed1d4eb33e8d32865	2024-05-02
https://git.kernel.org/stable/c/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2	2024-04-25

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-27395	2024-08-08
https://bugzilla.redhat.com/show_bug.cgi?id=2280440	2024-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 4.19.313 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 4.19.313"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.4.275 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.4.275"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.10.216 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.10.216"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 5.15.158 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 5.15.158"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.1.90 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.1.90"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.6.30 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.6.30"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.8.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.18 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.18 < 6.9"		en		Affected