VIR Vulnerability Intelligence Relay

CVE-2024-26925

medium
Published 2024-08-28 Β· Modified 2024-11-03
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
5.5

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called.

Predictions

Exploit likelihood
55%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description kernel: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path CVSS v3: 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:51022024-08-08T00:00:00Z Red Hat Enterprise Linux…

Description

kernel: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path

CVSS v3: 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10RHSA-2024:51022024-08-08T00:00:00Z
Red Hat Enterprise Linux 8kernel-0:4.18.0-553.16.1.el8_10RHSA-2024:51012024-08-08T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-427.33.1.el9_4RHSA-2024:59282024-08-28T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-427.33.1.el9_4RHSA-2024:59282024-08-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Supportkernel-0:5.14.0-284.75.1.el9_2RHSA-2024:48232024-07-24T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Supportkernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2RHSA-2024:48312024-07-24T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernel-rtAffected

Apply commands

bash fix
Apply RHSA-2024:5102 for Red Hat Enterprise Linux 8
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 9Affected

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
rockylinux rocky8fixed
suse slesaffected
debian debianbookwormfixed6.1.90-1
debian debianbullseyefixed5.10.216-1
debian debianforkyfixed6.8.9-1
debian debiansidfixed6.8.9-1
debian debiantrixiefixed6.8.9-1
debian debian10.0affected
linux linux-kernelaffected4.20
linux linux-kernel6.5affected
linux linux-kernel6.9affected
almalinux almalinux8fixedkernel-doc-4.18.0-553.16.1.el8_10.noarch.rpm
almalinux almalinux9fixedperf-5.14.0-427.33.1.el9_4.aarch64.rpm

References

CWEs

CWE-667

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.