CVE-2024-26835

Summary

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: set dormant flag on hook register failure

We need to set the dormant flag again if we fail to register the hooks.

During memory pressure hook registration can fail and we end up with a table marked as active but no registered hooks.

On table/base chain deletion, nf_tables will attempt to unregister the hook again which yields a warn splat from the nftables core.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbf8083bbf8fa202e6e5316bbd99759ab82bfe7a3 < a6411f3c48f991c19aaf9a24fce36865fbba28d7affected
LinuxLinuxe10f661adc556c4969c70ddaddf238bffdaf1e87 < ae4360cbd385f0d7a8a86d5723e50448cc6318f3affected
LinuxLinuxd9c4da8cb74e8ee6e58a064a3573aa37acf6c935 < 31ea574aeca1aa488e18716459bde057217637afaffected
LinuxLinux179d9ba5559a756f4322583388b3213fe4e391b0 < 664264a5c55bf97a9c571c557d477b75416199beaffected
LinuxLinux179d9ba5559a756f4322583388b3213fe4e391b0 < 0c9302a6da262e6ab6a6c1d30f04a6130ed97376affected
LinuxLinux179d9ba5559a756f4322583388b3213fe4e391b0 < f2135bbf14949687e96cabb13d8a91ae3deb9069affected
LinuxLinux179d9ba5559a756f4322583388b3213fe4e391b0 < 6f2496366426cec18ba53f1c7f6c3ac307ca6a95affected
LinuxLinux179d9ba5559a756f4322583388b3213fe4e391b0 < bccebf64701735533c8db37773eeacc6566cc8ecaffected
LinuxLinux5.4.262 < 5.4.270affected
LinuxLinux5.10.202 < 5.10.211affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux5.4.270 <= 5.4.*unaffected
LinuxLinux5.10.211 <= 5.10.*unaffected
LinuxLinux5.15.150 <= 5.15.*unaffected
LinuxLinux6.1.80 <= 6.1.*unaffected
LinuxLinux6.6.19 <= 6.6.*unaffected
LinuxLinux6.7.7 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References