Description:
In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type

Lion Ackermann reported that there is a race condition between namespace cleanup in ipset and the garbage collection of the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads to use after free.

The patch contains the following parts:

- When destroying all sets, first remove the garbage collectors, then wait if needed and then destroy the sets.
- Fix the badly ordered "wait then remove gc" for the destroy a single set case.
- Fix the missing rcu locking in the list:set type in the userspace test case.
- Use proper RCU list handlings in the list:set type.

The patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc).

CVSS3: 5.5
OS | Vendor version | Errata |
---|---|---|
RHEL 8 | 4.18.0-553.27.1.el8_10 | RHSA-2024:8856 |
Oracle Linux 8 | 4.18.0-553.27.1.el8_10 | ELSA-2024-8856 |
Ubuntu 20.04 | 5.4.0-195.215 | USN-7003-1 |
Oracle Linux 7 UEK 6 | 5.4.17-2136.334.6.el7uek | ELSA-2024-12581 |
Oracle Linux 8 UEK 6 | 5.4.17-2136.334.6.el8uek | ELSA-2024-12581 |
Ubuntu 20.04 AWS | 5.4.0-1132.142 | USN-7003-1 |
AlmaLinux 8 | 4.18.0-553.27.1.el8_10 | ALSA-2024:8856 |
Ubuntu 20.04 Azure | 5.4.0-1137.144 | USN-7003-1 |
Rocky Linux 8 | 4.18.0-553.27.1.el8_10 | RLSA-2024:8856 |
Debian 11 | 5.10.221-1 | DSA-5730-1 |
Ubuntu 22.04 | 5.15.0-121.131 | USN-7007-1 |
Ubuntu 22.04 AWS | 5.15.0-1069.75 | USN-7007-1 |
Ubuntu 22.04 Azure | 5.15.0-1072.81 | USN-7009-1 |
RHEL 9 | 5.14.0-503.11.1.el9_5 | RHSA-2024:9315 |
Debian 11 cloud | 5.10.221-1 | DSA-5730-1 |
Ubuntu 20.04 HWE AWS | 5.15.0-1069.75~20.04.1 | USN-7007-1 |
Ubuntu 20.04 HWE Azure | 5.15.0-1072.81~20.04.1 | USN-7009-1 |
Ubuntu 20.04 GCP | 5.4.0-1136.145 | USN-7003-1 |
Debian 12 | 6.1.99-1 | DSA-5731-1 |
Ubuntu 24.04 | 6.8.0-44.44 | USN-6999-1 |

OS | Original kernel version | State |
---|---|---|
Ubuntu 18.04 HWE Focal | | Planned |
RHEL 8 | 4.18.0-553.8.1.el8_10, 4.18.0-553.16.1.el8_10, 4.18.0-553.22.1.el8_10 | Released |
Oracle Linux 8 | 4.18.0-553.8.1.el8_10, 4.18.0-553.16.1.el8_10, 4.18.0-553.22.1.el8_10 | Released |
CloudLinux OS 8 | 4.18.0-553.8.1.lve.el8, 4.18.0-553.16.1.lve.el8, 4.18.0-553.16.1.lve.1.el8, 4.18.0-553.22.1.lve.el8, 4.18.0-553.22.1.lve.1.el8 | Released |
CloudLinux OS 7h | 4.18.0-553.8.1.lve.el7h, 4.18.0-553.16.1.lve.el7h, 4.18.0-553.22.1.lve.el7h, 4.18.0-553.16.1.lve.1.el7h, 4.18.0-553.22.1.lve.1.el7h | Released |
Ubuntu 20.04 | | Planned |
Oracle Linux 7 UEK 6 | 5.4.17-2136.329.3.1.el7uek, 5.4.17-2136.329.3.2.el7uek, 5.4.17-2136.330.7.1.el7uek, 5.4.17-2136.331.7.el7uek, 5.4.17-2136.330.7.4.el7uek, 5.4.17-2136.332.5.2.el7uek, 5.4.17-2136.333.5.el7uek, 5.4.17-2136.330.7.5.el7uek, 5.4.17-2136.333.5.1.el7uek | Released |
Oracle Linux 8 UEK 6 | 5.4.17-2136.329.3.1.el8uek, 5.4.17-2136.329.3.2.el8uek, 5.4.17-2136.330.7.1.el8uek, 5.4.17-2136.331.7.el8uek, 5.4.17-2136.330.7.4.el8uek, 5.4.17-2136.332.5.2.el8uek, 5.4.17-2136.333.5.el8uek, 5.4.17-2136.330.7.5.el8uek, 5.4.17-2136.333.5.1.el8uek | Released |
Ubuntu 18.04 AWS Focal | | Planned |
Ubuntu 18.04 Azure Focal | | Planned |
Ubuntu 20.04 AWS | | Planned |
AlmaLinux 8 | 4.18.0-553.8.1.el8_10, 4.18.0-553.16.1.el8_10, 4.18.0-553.22.1.el8_10 | Released |
Ubuntu 20.04 Azure | | Planned |
Rocky Linux 8 | 4.18.0-553.8.1.el8_10, 4.18.0-553.16.1.el8_10, 4.18.0-553.22.1.el8_10 | Released |
Debian 11 | | In Progress |
Ubuntu 22.04 | | Ready For Release |
Ubuntu 22.04 AWS | | Ready For Release |
Ubuntu 22.04 Azure | | Planned |
RHEL 9 | | In Progress |
Debian 11 cloud | | In Progress |
Ubuntu 20.04 HWE AWS | | Ready For Release |
Ubuntu 20.04 HWE Azure | | Planned |
Ubuntu 20.04 GCP | | Planned |
Debian 12 | | Planned |
Ubuntu 24.04 | | Planned |