CVE-2024-26835

MEDIUM

Linux Kernel - Use-After-Free in Netfilter nf_tables Hook Registration

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: set dormant flag on hook register failure

We need to set the dormant flag again if we fail to register the hooks.

During memory pressure hook registration can fail and we end up with a table marked as active but no registered hooks.

On table/base chain deletion, nf_tables will attempt to unregister the hook again which yields a warn splat from the nftables core.

Scores

CVSS v3 5.5
EPSS 0.0001
EPSS Percentile 1.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (28)
debian/debian_linux 10.0
linux/Kernel < 5.4.270
linux/Kernel 5.11.0 - 5.15.150
linux/Kernel 5.13.0 - 6.1.80
linux/Kernel 5.16.0 - 6.6.19
linux/Kernel 5.5.0 - 5.10.211
linux/Kernel 6.2.0 - 6.7.7
Linux/Linux < 5.13
Linux/Linux 179d9ba5559a756f4322583388b3213fe4e391b0 - 0c9302a6da262e6ab6a6c1d30f04a6130ed97376
Linux/Linux 179d9ba5559a756f4322583388b3213fe4e391b0 - 664264a5c55bf97a9c571c557d477b75416199be
... and 18 more
Published Apr 17, 2024
Tracked Since Feb 18, 2026