CVE-2024-26809

Summary

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: release elements in clone only from destroy path

Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice.

This fix requires:

212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")

which came after:

9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4a6430b99f67842617c7208ca55a411e903ba03a < b36b83297ff4910dfc8705402c8abffd4bbf8144affected
LinuxLinux5ccecafc728b0df48263d5ac198220bcd79830bc < 362508506bf545e9ce18c72a2c48dcbfb891ab9caffected
LinuxLinux9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e < 5ad233dc731ab64cdc47b84a5c1f78fff6c024afaffected
LinuxLinux9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e < ff90050771412b91e928093ccd8736ae680063c2affected
LinuxLinux9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e < 821e28d5b506e6a73ccc367ff792bd894050d48baffected
LinuxLinux9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e < 9384b4d85c46ce839f51af01374062ce6318b2f2affected
LinuxLinux9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e < b0e256f3dd2ba6532f37c5c22e07cb07a36031eeaffected
LinuxLinuxd2b18d110685ce46ca1633b8ec586c685e243a51affected
LinuxLinux5.10.130 < 5.10.214affected
LinuxLinux5.15.54 < 5.15.153affected
LinuxLinux5.18.11 < 5.19affected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux5.10.214 <= 5.10.*unaffected
LinuxLinux5.15.153 <= 5.15.*unaffected
LinuxLinux6.1.83 <= 6.1.*unaffected
LinuxLinux6.6.23 <= 6.6.*unaffected
LinuxLinux6.7.11 <= 6.7.*unaffected
LinuxLinux6.8.2 <= 6.8.*unaffected
LinuxLinux6.9 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References