CVE-2024-39503

Updated:

Description:

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Lion Ackermann reported that there is a race condition between namespace cleanup in ipset and the garbage collection of the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads use after free. The patch contains the following parts: - When destroying all sets, first remove the garbage collectors, then wait if needed and then destroy the sets. - Fix the badly ordered "wait then remove gc" for the destroy a single set case. - Fix the missing rcu locking in the list:set type in the userspace test case. - Use proper RCU list handlings in the list:set type. The patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc).

CVSS3: 5.5


Vendor State

OS Vendor version Errata
RHEL 8 4.18.0-553.27.1.el8_10 RHSA-2024:8856
Oracle Linux 8 4.18.0-553.27.1.el8_10 ELSA-2024-8856
Ubuntu 20.04 5.4.0-195.215 USN-7003-1
Oracle Linux 7 UEK 6 5.4.17-2136.334.6.el7uek ELSA-2024-12581
Oracle Linux 8 UEK 6 5.4.17-2136.334.6.el8uek ELSA-2024-12581
Ubuntu 20.04 AWS 5.4.0-1132.142 USN-7003-1
AlmaLinux 8 4.18.0-553.27.1.el8_10 ALSA-2024:8856
Ubuntu 20.04 Azure 5.4.0-1137.144 USN-7003-1
Rocky Linux 8 4.18.0-553.27.1.el8_10 RLSA-2024:8856
Debian 11 5.10.221-1 DSA-5730-1
Ubuntu 22.04 5.15.0-121.131 USN-7007-1
Ubuntu 22.04 AWS 5.15.0-1069.75 USN-7007-1
Ubuntu 22.04 Azure 5.15.0-1072.81 USN-7009-1
RHEL 9 5.14.0-503.11.1.el9_5 RHSA-2024:9315
Debian 11 cloud 5.10.221-1 DSA-5730-1
Ubuntu 20.04 HWE AWS 5.15.0-1069.75~20.04.1 USN-7007-1
Ubuntu 20.04 HWE Azure 5.15.0-1072.81~20.04.1 USN-7009-1
Ubuntu 20.04 GCP 5.4.0-1136.145 USN-7003-1
Debian 12 6.1.99-1 DSA-5731-1
Ubuntu 24.04 6.8.0-44.44 USN-6999-1

KernelCare State

OS Original kernel version State
Ubuntu 18.04 HWE Focal
Planned
RHEL 8
4.18.0-553.8.1.el8_10 show all hide all
4.18.0-553.16.1.el8_10 4.18.0-553.22.1.el8_10
Released
Oracle Linux 8
4.18.0-553.8.1.el8_10 show all hide all
4.18.0-553.16.1.el8_10 4.18.0-553.22.1.el8_10
Released
CloudLinux OS 8
4.18.0-553.8.1.lve.el8 show all hide all
4.18.0-553.16.1.lve.el8 4.18.0-553.16.1.lve.1.el8 4.18.0-553.22.1.lve.el8 4.18.0-553.22.1.lve.1.el8
Released
CloudLinux OS 7h
4.18.0-553.8.1.lve.el7h show all hide all
4.18.0-553.16.1.lve.el7h 4.18.0-553.22.1.lve.el7h 4.18.0-553.16.1.lve.1.el7h 4.18.0-553.22.1.lve.1.el7h
Released
Ubuntu 20.04
Planned
Oracle Linux 7 UEK 6
5.4.17-2136.329.3.1.el7uek show all hide all
5.4.17-2136.329.3.2.el7uek 5.4.17-2136.330.7.1.el7uek 5.4.17-2136.331.7.el7uek 5.4.17-2136.330.7.4.el7uek 5.4.17-2136.332.5.2.el7uek 5.4.17-2136.333.5.el7uek 5.4.17-2136.330.7.5.el7uek 5.4.17-2136.333.5.1.el7uek
Released
Oracle Linux 8 UEK 6
5.4.17-2136.329.3.1.el8uek show all hide all
5.4.17-2136.329.3.2.el8uek 5.4.17-2136.330.7.1.el8uek 5.4.17-2136.331.7.el8uek 5.4.17-2136.330.7.4.el8uek 5.4.17-2136.332.5.2.el8uek 5.4.17-2136.333.5.el8uek 5.4.17-2136.330.7.5.el8uek 5.4.17-2136.333.5.1.el8uek
Released
Ubuntu 18.04 AWS Focal
Planned
Ubuntu 18.04 Azure Focal
Planned
Ubuntu 20.04 AWS
Planned
AlmaLinux 8
4.18.0-553.8.1.el8_10 show all hide all
4.18.0-553.16.1.el8_10 4.18.0-553.22.1.el8_10
Released
Ubuntu 20.04 Azure
Planned
Rocky Linux 8
4.18.0-553.8.1.el8_10 show all hide all
4.18.0-553.16.1.el8_10 4.18.0-553.22.1.el8_10
Released
Debian 11
In Progress
Ubuntu 22.04
Ready For Release
Ubuntu 22.04 AWS
Ready For Release
Ubuntu 22.04 Azure
Planned
RHEL 9
In Progress
Debian 11 cloud
In Progress
Ubuntu 20.04 HWE AWS
Ready For Release
Ubuntu 20.04 HWE Azure
Planned
Ubuntu 20.04 GCP
Planned
Debian 12
Planned
Ubuntu 24.04
Planned