CVE-2024-35897

netfilter: nf_tables: discard table flag update with pending basechain deletion

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with
hook updates triggered by the table dormant flag. When both commands are
combined, this results in deleting a basechain while leaving its hook
still registered in the core.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: descartar actualización del indicador de tabla con eliminación pendiente de la cadena base. La cancelación del registro del gancho se difiere hasta la fase de confirmación; lo mismo ocurre con las actualizaciones del gancho activadas por el indicador inactivo de la tabla. Cuando se combinan ambos comandos, esto da como resultado la eliminación de una cadena base y deja su gancho aún registrado en el núcleo.

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combined, this results in deleting a basechain while leaving its hook still registered in the core.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-19 CVE Published
2025-05-04 CVE Updated
2025-06-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (14)

URL	Tag	Source
https://git.kernel.org/stable/c/e10f661adc556c4969c70ddaddf238bffdaf1e87	Vuln. Introduced
https://git.kernel.org/stable/c/d9c4da8cb74e8ee6e58a064a3573aa37acf6c935	Vuln. Introduced
https://git.kernel.org/stable/c/179d9ba5559a756f4322583388b3213fe4e391b0	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9a3b90904d8a072287480eed4c3ece4b99d64f78	2024-04-13
https://git.kernel.org/stable/c/b58d0ac35f6d75ec1db8650a29dfd6f292c11362	2024-04-13
https://git.kernel.org/stable/c/6cbbe1ba76ee7e674a86abd43009b083a45838cb	2024-04-13
https://git.kernel.org/stable/c/2aeb805a1bcd5f27c8c0d1a9d4d653f16d1506f4	2024-04-13
https://git.kernel.org/stable/c/9627fd0c6ea1c446741a33e67bc5709c59923827	2024-04-10
https://git.kernel.org/stable/c/7f609f630951b624348373cef99991ce08831927	2024-04-10
https://git.kernel.org/stable/c/1bc83a019bbe268be3526406245ec28c2458a518	2024-04-04
https://git.kernel.org/stable/c/e75faf01e22ec7dc671640fa0e0968964fafd2fc	2024-06-16

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-35897	2024-08-28
https://bugzilla.redhat.com/show_bug.cgi?id=2281672	2024-08-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.262 < 5.4.274 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.262 < 5.4.274"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.202 < 5.10.215 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.202 < 5.10.215"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.15.155 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.155"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.1.86 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.1.86"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.6.26 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.6.26"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.8.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.8.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 6.9"		en		Affected