CVE-2024-26910

Updated: 2026-02-27 01:30:48.707249

Description:

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead. Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work: sets with timeout use garbage collectors which need cancelling at destroy which can wait. Therefore the destroy functions are split into two: cancelling garbage collectors safely at executing the command received by netlink and moving the remaining part only into the rcu callback.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 4.7

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 4.7 MEDIUM Released CLSA-2025:1760546935 2025-10-16 00:24:00
CentOS 6 ELS kernel 2.6.32 4.7 MEDIUM Ignored 2024-04-30 17:10:58 Ignored due to low severity
CentOS 7 ELS kernel 3.10.0 4.7 MEDIUM Ignored 2024-04-30 17:10:58 Ignored due to low severity
CentOS 8.4 ELS kernel 4.18.0 4.7 MEDIUM Ignored 2024-04-30 17:10:58 Ignored due to low severity
CentOS 8.5 ELS kernel 4.18.0 4.7 MEDIUM Ignored 2024-04-30 17:10:58 Ignored due to low severity
CentOS Stream 8 ELS kernel 4.18.0 4.7 MEDIUM Ignored 2024-05-10 10:14:35 Ignored due to low severity
CloudLinux 6 ELS kernel 2.6.32 4.7 MEDIUM Ignored 2024-04-30 17:10:58 Ignored due to low severity
CloudLinux 7 ELS kernel 3.10.0 4.7 MEDIUM Ignored 2024-07-22 12:05:46 Ignored due to low severity
Oracle Linux 6 ELS kernel 2.6.32 4.7 MEDIUM Ignored 2024-04-30 17:10:58 Ignored due to low severity
Oracle Linux 7 ELS kernel 3.10.0 4.7 MEDIUM Ignored 2024-12-03 12:09:46 Ignored due to low severity
Total: 14