CVE-2024-26925

Updated: 2024-07-11 21:25:45.452152

Description:

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path

The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence.

nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | HIGH | 7 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7 | HIGH | Released | CLSA-2024:1725293298 | 2024-09-02 12:16:41 |
| AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7 | HIGH | Released | CLSA-2024:1725304408 | 2024-09-02 17:27:33 |
| CentOS 6 ELS | kernel | 2.6.32 | 7 | HIGH | Not Vulnerable | | 2024-07-31 14:29:25 |
| CentOS 7 ELS | kernel | 3.10.0 | 7 | HIGH | Not Vulnerable | | 2024-08-21 12:20:32 |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7 | HIGH | Released | CLSA-2024:1725872696 | 2024-09-09 05:27:53 |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7 | HIGH | Released | CLSA-2024:1725876080 | 2024-09-09 12:18:08 |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7 | HIGH | Released | CLSA-2024:1725871927 | 2024-09-09 05:27:52 |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7 | HIGH | Not Vulnerable | | 2024-07-31 14:29:25 |
| CloudLinux 7 ELS | kernel | 3.10.0 | 7 | HIGH | Needs Triage | | 2024-09-03 12:13:36 |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7 | HIGH | Not Vulnerable | | 2024-07-31 14:29:25 |
Total: 12