CVE-2024-27397
netfilter: nf_tables: use timestamp to check for set element timeout
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: use timestamp to check for set element timeout
Add a timestamp field at the beginning of the transaction, store it
in the nftables per-netns area.
Update set backend .insert, .deactivate and sync gc path to use the
timestamp, this avoids that an element expires while control plane
transaction is still unfinished.
.lookup and .update, which are used from packet path, still use the
current time to check if the element has expired. And .get path and dump
also since this runs lockless under rcu read size lock. Then, there is
async gc which also needs to check the current time since it runs
asynchronously from a workqueue.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: use la marca de tiempo para verificar el tiempo de espera del elemento establecido. Agregue un campo de marca de tiempo al comienzo de la transacción y guárdelo en el área nftables per-netns. Actualice el conjunto de backend .insert, .deactivate y sincronice la ruta gc para usar la marca de tiempo, esto evita que un elemento caduque mientras la transacción del plano de control aún no ha finalizado. .lookup y .update, que se usan desde la ruta del paquete, aún usan la hora actual para verificar si el elemento ha caducado. Y obtener ruta y volcar también, ya que se ejecuta sin bloqueo bajo el bloqueo de tamaño de lectura de rcu. Luego, está el gc async que también necesita verificar la hora actual, ya que se ejecuta de forma asincrónica desde una cola de trabajo.
A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-25 CVE Reserved
- 2024-05-09 CVE Published
- 2024-08-19 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/c3e1b005ed1cc068fc9d454a6e745830d55d251d | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2024-27397 | 2024-08-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2280434 | 2024-08-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.1 < 4.19.320 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 4.19.320" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.1 < 5.4.282 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 5.4.282" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.1 < 5.10.224 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 5.10.224" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.1 < 5.15.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 5.15.165" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.1 < 6.1.97 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 6.1.97" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.1 < 6.7.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 6.7.5" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.1 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.1 < 6.8" | en |
Affected
|