CVE-2024-26643

Updated: 2025-03-13 21:48:24.223424

Description:

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on transaction abort"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 5.5 MEDIUM Released CLSA-2025:1743193221 2024-06-24 11:21:46
CentOS 6 ELS kernel 2.6.32 5.5 MEDIUM Not Vulnerable 2024-06-11 11:20:43
CentOS 7 ELS kernel 3.10.0 5.5 MEDIUM Not Vulnerable 2024-06-11 11:20:43
CentOS 8.4 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-06-24 11:21:46
CentOS 8.5 ELS kernel 4.18.0 5.5 MEDIUM Ignored 2024-06-24 11:21:46
CentOS Stream 8 ELS kernel 4.18.0 5.5 MEDIUM Already Fixed 2024-06-09 14:20:09
CloudLinux 6 ELS kernel 2.6.32 5.5 MEDIUM Not Vulnerable 2024-06-11 11:20:43
CloudLinux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2025-03-17 23:16:10
Oracle Linux 6 ELS kernel 2.6.32 5.5 MEDIUM Not Vulnerable 2024-06-11 11:20:43
Oracle Linux 7 ELS kernel 3.10.0 5.5 MEDIUM Ignored 2025-03-17 23:16:10
Total: 14