CISA-2024-35898
Reported by Linux · Published May 19, 2024
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable(). And thhere is not any protection when iterate over nf_tables_flowtables list in __nft_flowtable_type_get(). Therefore, there is pertential data-race of nf_tables_flowtables list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller nft_flowtable_type_get() to protect the entire type query process.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 3b49e2e94e6ebb8b23d0955d9e898254455734f8, 3b49e2e94e6ebb8b23d0955d9e898254455734f8, 3b49e2e94e6ebb8b23d0955d9e898254455734f8 |
| Linux | Linux | 4.16, 0, 4.19.312 |
| linux | linux_kernel | 4.16, 4.16, 4.16 |
| Linux | Linux | 3b49e2e94e6ebb8b23d0955d9e898254455734f8, 3b49e2e94e6ebb8b23d0955d9e898254455734f8, 3b49e2e94e6ebb8b23d0955d9e898254455734f8 |
Timeline
- May 19, 2024 CVE Published
- May 4, 2025 CVE Updated