Updated:
Description:
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject new basechain after table flag update When dormant flag is toggled, hooks are disabled in the commit phase by iterating over current chains in table (existing and new). The following configuration allows for an inconsistent state: add table x add chain x y { type filter hook input priority 0; } add table x { flags dormant; } add chain x w { type filter hook input priority 1; } which triggers the following warning when trying to unregister chain w which is already unregistered. [ 127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:50 1 __nf_unregister_net_hook+0x21a/0x260 [...] [ 127.322519] Call Trace: [ 127.322521] <TASK> [ 127.322524] ? __warn+0x9f/0x1a0 [ 127.322531] ? __nf_unregister_net_hook+0x21a/0x260 [ 127.322537] ? report_bug+0x1b1/0x1e0 [ 127.322545] ? handle_bug+0x3c/0x70 [ 127.322552] ? exc_invalid_op+0x17/0x40 [ 127.322556] ? asm_exc_invalid_op+0x1a/0x20 [ 127.322563] ? kasan_save_free_info+0x3b/0x60 [ 127.322570] ? __nf_unregister_net_hook+0x6a/0x260 [ 127.322577] ? __nf_unregister_net_hook+0x21a/0x260 [ 127.322583] ? __nf_unregister_net_hook+0x6a/0x260 [ 127.322590] ? __nf_tables_unregister_hook+0x8a/0xe0 [nf_tables] [ 127.322655] nft_table_disable+0x75/0xf0 [nf_tables] [ 127.322717] nf_tables_commit+0x2571/0x2620 [nf_tables]
CVSS3: 5.5
OS | Vendor version | Errata |
---|---|---|
RHEL 8 | 4.18.0-553.16.1.el8_10 | RHSA-2024:5101 |
Oracle Linux 8 | 4.18.0-553.16.1.el8_10 | ELSA-2024-5101 |
Ubuntu 20.04 | 5.4.0-189.209 | USN-6896-1 |
Ubuntu 20.04 AWS | 5.4.0-1128.138 | USN-6896-5 |
AlmaLinux 8 | 4.18.0-553.16.1.el8_10 | ALSA-2024:5101 |
Ubuntu 20.04 Azure | 5.4.0-1133.140 | USN-6896-1 |
Rocky Linux 8 | 4.18.0-553.16.1.el8_10 | RLSA-2024:5101 |
Ubuntu 22.04 | 5.15.0-116.126 | USN-6898-1 |
Ubuntu 22.04 AWS | 5.15.0-1065.71 | USN-6898-3 |
Ubuntu 22.04 Azure | 5.15.0-1068.77 | USN-6917-1 |
RHEL 9 | 5.14.0-503.11.1.el9_5 | RHSA-2024:9315 |
Ubuntu 20.04 HWE Azure | 5.15.0-1068.77~20.04.1 | USN-6917-1 |
Ubuntu 20.04 GCP | 5.4.0-1132.141 | USN-6896-1 |
Ubuntu 24.04 | 6.8.0-38.38 | USN-6893-1 |
OS | Original kernel version | State |
---|---|---|
RHEL 8 |
4.18.0-553.el8_10
show all
hide all
4.18.0-553.5.1.el8_10
4.18.0-553.8.1.el8_10
|
Released |
Oracle Linux 8 |
4.18.0-553.el8_10
show all
hide all
4.18.0-553.5.1.el8_10
4.18.0-553.8.1.el8_10
|
Released |
CloudLinux OS 8 |
4.18.0-553.lve.el8
show all
hide all
4.18.0-553.5.1.lve.el8
4.18.0-544.lve.el8
4.18.0-553.5.1.lve.1.el8
4.18.0-553.8.1.lve.el8
|
Released |
CloudLinux OS 7h |
4.18.0-553.lve.el7h
show all
hide all
4.18.0-553.5.1.lve.el7h
4.18.0-553.8.1.lve.el7h
4.18.0-553.5.1.lve.1.el7h
|
Released |
Ubuntu 20.04 | |
In Progress |
Ubuntu 20.04 AWS | |
Planned |
AlmaLinux 8 |
4.18.0-553.el8_10
show all
hide all
4.18.0-553.5.1.el8_10
4.18.0-553.8.1.el8_10
|
Released |
Ubuntu 20.04 Azure | |
In Progress |
Rocky Linux 8 |
4.18.0-553.el8_10
show all
hide all
4.18.0-553.5.1.el8_10
4.18.0-553.8.1.el8_10
|
Released |
Ubuntu 22.04 | |
Ready For Release |
Ubuntu 22.04 AWS | |
Planned |
Ubuntu 22.04 Azure | |
Planned |
RHEL 9 | |
Ready For Release |
Ubuntu 20.04 HWE Azure | |
Planned |
Ubuntu 20.04 GCP | |
In Progress |
Ubuntu 24.04 | |
Planned |