CVE-2024-26910

Updated: 2024-06-25 21:26:39.044146

Description:

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead. Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work: sets with timeout use garbage collectors which need cancelling at destroy which can wait. Therefore the destroy functions are split into two: cancelling garbage collectors safely at executing the command received by netlink and moving the remaining part only into the rcu callback.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 4.7

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 4.7 MEDIUM Ignored 2024-06-27 08:33:29
AlmaLinux 9.2 FIPS kernel 5.14.0 4.7 MEDIUM Ignored 2024-06-27 08:33:29
CentOS 6 ELS kernel 2.6.32 4.7 MEDIUM Ignored 2024-04-30 17:10:58
CentOS 7 ELS kernel 3.10.0 4.7 MEDIUM Ignored 2024-04-30 17:10:58
CentOS 8.4 ELS kernel 4.18.0 4.7 MEDIUM Ignored 2024-04-30 17:10:58
CentOS 8.5 ELS kernel 4.18.0 4.7 MEDIUM Ignored 2024-04-30 17:10:58
CentOS Stream 8 ELS kernel 4.18.0 4.7 MEDIUM Ignored 2024-05-10 10:14:35
CloudLinux 6 ELS kernel 2.6.32 4.7 MEDIUM Ignored 2024-04-30 17:10:58
CloudLinux 7 ELS kernel 3.10.0 4.7 MEDIUM Ignored 2024-07-22 12:05:46
Oracle Linux 6 ELS kernel 2.6.32 4.7 MEDIUM Ignored 2024-04-30 17:10:58
Total: 13