CVE-2024-27397

Updated: 2025-11-10 02:49:51.711116

Description:

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. Update set backend .insert, .deactivate and sync gc path to use the timestamp, this avoids that an element expires while control plane transaction is still unfinished. .lookup and .update, which are used from packet path, still use the current time to check if the element has expired. And .get path and dump also since this runs lockless under rcu read size lock. Then, there is async gc which also needs to check the current time since it runs asynchronously from a workqueue.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x HIGH 7.0

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU kernel 5.14.0 7.0 HIGH Released CLSA-2025:1743193221 2024-09-02 17:30:26
CentOS 6 ELS kernel 2.6.32 7.0 HIGH Not Vulnerable 2024-08-22 12:24:16
CentOS 7 ELS kernel 3.10.0 7.0 HIGH Not Vulnerable 2024-08-29 12:17:59
CentOS 8.4 ELS kernel 4.18.0 7.0 HIGH Released CLSA-2024:1725872696 2024-09-09 05:30:52
CentOS 8.5 ELS kernel 4.18.0 7.0 HIGH Released CLSA-2024:1725876080 2024-09-09 12:21:20
CentOS Stream 8 ELS kernel 4.18.0 7.0 HIGH Released CLSA-2024:1725871927 2024-09-09 05:30:51
CloudLinux 6 ELS kernel 2.6.32 7.0 HIGH Not Vulnerable 2024-08-22 12:24:16
Oracle Linux 6 ELS kernel 2.6.32 7.0 HIGH Not Vulnerable 2024-08-22 12:24:16
Oracle Linux 7 ELS kernel-uek 5.4.17 7.0 HIGH Already Fixed 2025-10-14 17:14:58
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.0 HIGH Released CLSA-2024:1731603700 2024-11-14 16:34:45
Total: 12