CVE-2024-35898

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can
concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().
And thhere is not any protection when iterate over nf_tables_flowtables
list in __nft_flowtable_type_get(). Therefore, there is pertential
data-race of nf_tables_flowtables list entry.

Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list
in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller
nft_flowtable_type_get() to protect the entire type query process.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: corrige una posible ejecución de datos en __nft_flowtable_type_get() nft_unregister_flowtable_type() dentro de nf_flow_inet_module_exit() puede coincidir con __nft_flowtable_type_get() dentro de nf_tables_newflowtable(). Y no hay ninguna protección cuando se itera sobre la lista nf_tables_flowtables en __nft_flowtable_type_get(). Por lo tanto, existe una posible ejecución de datos de la entrada de la lista nf_tables_flowtables. Utilice list_for_each_entry_rcu() para iterar sobre la lista nf_tables_flowtables en __nft_flowtable_type_get() y utilice rcu_read_lock() en el llamador nft_flowtable_type_get() para proteger todo el proceso de consulta de tipos.

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-17 CVE Reserved
2024-05-19 CVE Published
2024-05-20 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/3b49e2e94e6ebb8b23d0955d9e898254455734f8	Vuln. Introduced
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007	2024-04-13
https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77	2024-04-13
https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331	2024-04-13
https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8	2024-04-10
https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b	2024-04-10
https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df	2024-04-10
https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859	2024-04-10
https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304	2024-04-04

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-35898	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2281669	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 4.19.312 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 4.19.312"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.4.274 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.4.274"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.10.215 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.10.215"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 5.15.154 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.15.154"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.1.85 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.1.85"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.6.26 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.6.26"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.8.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.8.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.16 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.9"		en		Affected