CVE-2024-27017
MEDIUM
Linux Kernel - Use-After-Free in nft_set_pipapo Netlink Dump
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: walk over current view on netlink dump

The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set.

Based on patch from Florian Westphal.
References (11)
Core References
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
1.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (29)
fedoraproject/fedora
38
fedoraproject/fedora
39
fedoraproject/fedora
40
linux/Kernel
< 5.10.227 (linux)
linux/Kernel
5.11.0 - 5.15.168 (linux)
linux/Kernel
5.16.0 - 6.1.112 (linux)
linux/Kernel
6.2.0 - 6.6.53 (linux)
linux/Kernel
6.4.0 - 6.8.8 (linux)
Linux/Linux
< 6.4
Linux/Linux
0d836f917520300a8725a5dbdad4406438d0cead - 52735a010f37580b3a569a996f878fdd87425650
... and 19 more
Published
May 01, 2024
Tracked Since
Feb 18, 2026