CVE-2024-26910

MEDIUM

Linux Kernel < 5.4.269, 5.5.0-6.7.6 - Netfilter IPSet Swap Race Condition

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead. Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work: sets with timeout use garbage collectors which need cancelling at destroy which can wait. Therefore the destroy functions are split into two: cancelling garbage collectors safely at executing the command received by netlink and moving the remaining part only into the rcu callback.

References (8)

Core 8

Scores

CVSS v3 4.7
EPSS 0.0018
EPSS Percentile 7.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-362
Status published
Products (30)
linux/Kernel < 5.4.269linux
linux/Kernel 5.11.0 - 5.15.149linux
linux/Kernel 5.16.0 - 6.1.79linux
linux/Kernel 5.5.0 - 5.10.210linux
linux/Kernel 6.2.0 - 6.6.18linux
linux/Kernel 6.7.0 - 6.7.6linux
Linux/Linux < 6.7
Linux/Linux 23c31036f862582f98386120aee55c9ae23d7899 - b93a6756a01f4fd2f329a39216f9824c56a66397
Linux/Linux 28628fa952fefc7f2072ce6e8016968cc452b1ba - 970709a67696b100a57b33af1a3d75fc34b747eb
Linux/Linux 28628fa952fefc7f2072ce6e8016968cc452b1ba - 97f7cf1cd80eeed3b7c808b7c12463295c751001
... and 20 more
Published Apr 17, 2024
Tracked Since Feb 18, 2026