CVE-2024-40993

netfilter: ipset: Fix suspicious rcu_dereference_protected()

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcu_dereference_protected() When destroying all sets, we are either in pernet exit phase or
are executing a "destroy all sets command" from userspace. The latter
was taken into account in ip_set_dereference() (nfnetlink mutex is held),
but the former was not. The patch adds the required check to
rcu_dereference_protected() in ip_set_dereference().

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcu_dereference_protected() When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in ip_set_dereference() (nfnetlink mutex is held), but the former was not. The patch adds the required check to rcu_dereference_protected() in ip_set_dereference().

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-12 CVE Reserved
2024-07-12 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/390b353d1a1da3e9c6c0fd14fe650d69063c95d6	Vuln. Introduced
https://git.kernel.org/stable/c/2ba35b37f780c6410bb4bba9c3072596d8576702	Vuln. Introduced
https://git.kernel.org/stable/c/90ae20d47de602198eb69e6cd7a3db3420abfc08	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/788d585e62f487bc4536d454937f737b70d39a33	2024-06-27
https://git.kernel.org/stable/c/94dd411c18d7fff9e411555d5c662d29416501e4	2024-06-27
https://git.kernel.org/stable/c/3fc09e1ca854bc234e007a56e0f7431f5e2defb5	2024-06-27
https://git.kernel.org/stable/c/3799d02ae4208af08e81310770d8754863a246a1	2024-07-05
https://git.kernel.org/stable/c/72d9611968867cc4c5509e7708b1507d692b797a	2024-07-05
https://git.kernel.org/stable/c/523bed6489e089dd8040e72453fb79da47b144c2	2024-07-05
https://git.kernel.org/stable/c/8ecd06277a7664f4ef018abae3abd3451d64e7a6	2024-06-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.95 < 6.1.96 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.95 < 6.1.96"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.35 < 6.6.36 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.35 < 6.6.36"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.9.6 < 6.9.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.9.6 < 6.9.7"		en		Affected