CVE-2024-26925 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Enterprise Linux Rhel Eus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2024:5102	2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:5101	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 9
kernel-0:5.14.0-427.33.1.el9_4	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:5928	2024-08-28T00:00:00Z
kernel-0:5.14.0-427.33.1.el9_4	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:5928	2024-08-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
kernel-0:5.14.0-284.75.1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:4823	2024-07-24T00:00:00Z
kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2	cpe:/a:redhat:rhel_eus:9.2::nfv	RHSA-2024:4831	2024-07-24T00:00:00Z

References

Link	Providers
https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27
https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494
https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428
https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30
https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae
https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1
https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lore.kernel.org/linux-cve-announce/2024042421-CVE-2024-26925-7c19@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-26925
https://www.cve.org/CVERecord?id=CVE-2024-26925

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Tue, 05 Nov 2024 10:45:00 +0000

Type	Values Removed	Values Added
References	https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 28 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9

Thu, 08 Aug 2024 23:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8
Vendors & Products		Redhat enterprise Linux

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-04-24T21:49:23.251Z

Updated: 2025-05-04T12:55:12.223Z

Reserved: 2024-02-19T14:20:24.194Z

Link: CVE-2024-26925

Vulnrichment

Updated: 2024-08-02T00:21:05.900Z

NVD

Status : Awaiting Analysis

Published: 2024-04-25T06:15:57.590

Modified: 2024-11-21T09:03:23.883

Link: CVE-2024-26925

Redhat

Severity : Moderate

Publid Date: 2024-04-24T00:00:00Z

Links: CVE-2024-26925 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-26925", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.194Z", "datePublished": "2024-04-24T21:49:23.251Z", "dateUpdated": "2025-05-04T12:55:12.223Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:55:12.223Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release mutex after nft_gc_seq_end from abort path\n\nThe commit mutex should not be released during the critical section\nbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC\nworker could collect expired objects and get the released commit lock\nwithin the same GC sequence.\n\nnf_tables_module_autoload() temporarily releases the mutex to load\nmodule dependencies, then it goes back to replay the transaction again.\nMove it at the end of the abort phase after nft_gc_seq_end() is called."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "4b6346dc1edfb9839d6edee7360ed31a22fa6c95", "lessThan": "61ac7284346c32f9a8c8ceac56102f7914060428", "status": "affected", "versionType": "git"}, {"version": "23292bdfda5f04e704a843b8f97b0eb95ace1ca6", "lessThan": "2cee2ff7f8cce12a63a0a23ffe27f08d99541494", "status": "affected", "versionType": "git"}, {"version": "b44a459c6561595ed7c3679599c5279204132b33", "lessThan": "eb769ff4e281f751adcaf4f4445cbf30817be139", "status": "affected", "versionType": "git"}, {"version": "5d319f7a81431c6bb32eb4dc7d7975f99e2c8c66", "lessThan": "8d3a58af50e46167b6f1db47adadad03c0045dae", "status": "affected", "versionType": "git"}, {"version": "720344340fb9be2765bbaab7b292ece0a4570eae", "lessThan": "8038ee3c3e5b59bcd78467686db5270c68544e30", "status": "affected", "versionType": "git"}, {"version": "720344340fb9be2765bbaab7b292ece0a4570eae", "lessThan": "a34ba4bdeec0c3b629160497594908dc820110f1", "status": "affected", "versionType": "git"}, {"version": "720344340fb9be2765bbaab7b292ece0a4570eae", "lessThan": "0d459e2ffb541841714839e8228b845458ed3b27", "status": "affected", "versionType": "git"}, {"version": "f85ca36090cbb252bcbc95fc74c2853fc792694f", "status": "affected", "versionType": "git"}, {"version": "e07e68823116563bdbc49cef185cda6f463bc534", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "6.5", "status": "affected"}, {"version": "0", "lessThan": "6.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.274", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.215", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.155", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.86", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.26", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.5", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.262", "versionEndExcluding": "5.4.274"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.198", "versionEndExcluding": "5.10.215"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.134", "versionEndExcluding": "5.15.155"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.56", "versionEndExcluding": "6.1.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.6.26"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.8.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5", "versionEndExcluding": "6.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.316"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428"}, {"url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494"}, {"url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139"}, {"url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae"}, {"url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30"}, {"url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1"}, {"url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27"}], "title": "netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.900Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26925", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:46:30.592135Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:12.845Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.900Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26925", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:46:30.592135Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:15.396Z"}}], "cna": {"title": "netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4b6346dc1edfb9839d6edee7360ed31a22fa6c95", "lessThan": "61ac7284346c32f9a8c8ceac56102f7914060428", "versionType": "git"}, {"status": "affected", "version": "23292bdfda5f04e704a843b8f97b0eb95ace1ca6", "lessThan": "2cee2ff7f8cce12a63a0a23ffe27f08d99541494", "versionType": "git"}, {"status": "affected", "version": "b44a459c6561595ed7c3679599c5279204132b33", "lessThan": "eb769ff4e281f751adcaf4f4445cbf30817be139", "versionType": "git"}, {"status": "affected", "version": "5d319f7a81431c6bb32eb4dc7d7975f99e2c8c66", "lessThan": "8d3a58af50e46167b6f1db47adadad03c0045dae", "versionType": "git"}, {"status": "affected", "version": "720344340fb9be2765bbaab7b292ece0a4570eae", "lessThan": "8038ee3c3e5b59bcd78467686db5270c68544e30", "versionType": "git"}, {"status": "affected", "version": "720344340fb9be2765bbaab7b292ece0a4570eae", "lessThan": "a34ba4bdeec0c3b629160497594908dc820110f1", "versionType": "git"}, {"status": "affected", "version": "720344340fb9be2765bbaab7b292ece0a4570eae", "lessThan": "0d459e2ffb541841714839e8228b845458ed3b27", "versionType": "git"}, {"status": "affected", "version": "f85ca36090cbb252bcbc95fc74c2853fc792694f", "versionType": "git"}, {"status": "affected", "version": "e07e68823116563bdbc49cef185cda6f463bc534", "versionType": "git"}], "programFiles": ["net/netfilter/nf_tables_api.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.5"}, {"status": "unaffected", "version": "0", "lessThan": "6.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.274", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.215", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.155", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.86", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.26", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.5", "versionType": "semver", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/netfilter/nf_tables_api.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428"}, {"url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494"}, {"url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139"}, {"url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae"}, {"url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30"}, {"url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1"}, {"url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release mutex after nft_gc_seq_end from abort path\n\nThe commit mutex should not be released during the critical section\nbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC\nworker could collect expired objects and get the released commit lock\nwithin the same GC sequence.\n\nnf_tables_module_autoload() temporarily releases the mutex to load\nmodule dependencies, then it goes back to replay the transaction again.\nMove it at the end of the abort phase after nft_gc_seq_end() is called."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.274", "versionStartIncluding": "5.4.262"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.215", "versionStartIncluding": "5.10.198"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.155", "versionStartIncluding": "5.15.134"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.86", "versionStartIncluding": "6.1.56"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.26", "versionStartIncluding": "6.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8.5", "versionStartIncluding": "6.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.9", "versionStartIncluding": "6.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "4.19.316"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "6.4.13"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:55:12.223Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26925", "state": "PUBLISHED", "dateUpdated": "2025-05-04T12:55:12.223Z", "dateReserved": "2024-02-19T14:20:24.194Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-04-24T21:49:23.251Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release mutex after nft_gc_seq_end from abort path\n\nThe commit mutex should not be released during the critical section\nbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC\nworker could collect expired objects and get the released commit lock\nwithin the same GC sequence.\n\nnf_tables_module_autoload() temporarily releases the mutex to load\nmodule dependencies, then it goes back to replay the transaction again.\nMove it at the end of the abort phase after nft_gc_seq_end() is called."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: libera mutex despu\u00e9s de nft_gc_seq_end de la ruta de cancelaci\u00f3n. El mutex de confirmaci\u00f3n no debe liberarse durante la secci\u00f3n cr\u00edtica entre nft_gc_seq_begin() y nft_gc_seq_end(); de lo contrario, el trabajador as\u00edncrono de GC podr\u00eda recopilar objetos caducados y obtener el bloqueo de confirmaci\u00f3n liberado dentro de la misma secuencia de GC. nf_tables_module_autoload() libera temporalmente el mutex para cargar las dependencias del m\u00f3dulo, luego vuelve a reproducir la transacci\u00f3n nuevamente. Mu\u00e9valo al final de la fase de cancelaci\u00f3n despu\u00e9s de llamar a nft_gc_seq_end()."}], "id": "CVE-2024-26925", "lastModified": "2024-11-21T09:03:23.883", "metrics": {}, "published": "2024-04-25T06:15:57.590", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5102", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:5928", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:5928", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.33.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-08-28T00:00:00Z"}, {"advisory": "RHSA-2024:4823", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.75.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}, {"advisory": "RHSA-2024:4831", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.75.1.rt14.360.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-24T00:00:00Z"}], "bugzilla": {"description": "kernel: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path", "id": "2277166", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2277166"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-667", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nf_tables: release mutex after nft_gc_seq_end from abort path\nThe commit mutex should not be released during the critical section\nbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC\nworker could collect expired objects and get the released commit lock\nwithin the same GC sequence.\nnf_tables_module_autoload() temporarily releases the mutex to load\nmodule dependencies, then it goes back to replay the transaction again.\nMove it at the end of the abort phase after nft_gc_seq_end() is called.", "A flaw was found in the Linux kernel\u2019s Netfilter nf_tables module. The issue arises from improper mutex handling during the garbage collection (GC) process. The problem occurs between the critical functions nft_gc_seq_begin() and nft_gc_seq_end(), where a mutex lock is incorrectly released too early, leading to potential race conditions. This issue could allow an asynchronous GC worker to collect expired objects and improperly obtain the released commit lock within the same sequence, potentially causing system instability or data corruption.\nThis vulnerability can be exploited by attackers with local access, leading to unexpected behavior or even privilege escalation under certain conditions. The kernel patch for this issue moves the mutex release to the correct point, ensuring the sequence completes safely before releasing any locks."], "name": "CVE-2024-26925", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26925\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26925\nhttps://lore.kernel.org/linux-cve-announce/2024042421-CVE-2024-26925-7c19@gregkh/T"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object