CVE-2024-35897
MEDIUM
Linux Kernel - Use-After-Free in Netfilter nf_tables Basechain Deletion
Title source: llm
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: discard table flag update with pending basechain deletion
Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combined, this results in deleting a basechain while leaving its hook still registered in the core.
References (10)
Core References
Third Party Advisory, Mailing List
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
1.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (29)
debian/debian_linux
10.0
linux/Kernel
< 5.4.274 (linux)
linux/Kernel
5.11.0 - 5.15.155 (linux)
linux/Kernel
5.13.0 - 6.1.86 (linux)
linux/Kernel
5.16.0 - 6.6.26 (linux)
linux/Kernel
5.5.0 - 5.10.215 (linux)
linux/Kernel
6.2.0 - 6.8.5 (linux)
Linux/Linux
< 5.13
Linux/Linux
179d9ba5559a756f4322583388b3213fe4e391b0 - 1bc83a019bbe268be3526406245ec28c2458a518
Linux/Linux
179d9ba5559a756f4322583388b3213fe4e391b0 - 2aeb805a1bcd5f27c8c0d1a9d4d653f16d1506f4
... and 19 more
Published
May 19, 2024
Tracked Since
Feb 18, 2026