Bug 2281672 (CVE-2024-35897)
| Summary: | CVE-2024-35897 kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | ybuenos |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sidakwo, sukulkar, tglozar, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 5.4.274, kernel 5.10.215, kernel 5.15.155, kernel 6.1.86, kernel 6.6.26, kernel 6.8.5, kernel 6.9 | Doc Type: | If docs needed, set a value |
| Doc Text: |
This CVE involves a flaw in the Linux kernel's nf_tables component, part of the Netfilter framework used for packet filtering and firewall functionalities. The vulnerability arises when a table's dormant flag is updated while there's a pending deletion of a base chain. In such cases, the unregistration of hooks is deferred until the commit phase. If both operations—updating the dormant flag and deleting the base chain—are combined, it can result in the base chain being deleted while its hook remains registered in the core system. This inconsistency may lead to unexpected behavior or potential security risks.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2281673 | ||
| Bug Blocks: | 2281751 | ||
|
Description
ybuenos
2024-05-20 11:27:35 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2281673] The result of automatic check (that is developed by Alexander Larkin) for this CVE-2024-35897 is: CHECK Maybe valid. Check manually. with impact MODERATE (that is approximation based on flags REMOTE NETFILTER ; these flags parsed automatically based on patche data). Such automatic check happens only for Low/Moderates (and only when not from reporter, but parsing already existing CVE). Highs always checked manually (I check it myself and then we check it again in Remediation team). In rare cases some of the Moderates could be increased to High later. This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4823 https://access.redhat.com/errata/RHSA-2024:4823 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4831 https://access.redhat.com/errata/RHSA-2024:4831 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:5256 https://access.redhat.com/errata/RHSA-2024:5256 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:5257 https://access.redhat.com/errata/RHSA-2024:5257 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:5928 https://access.redhat.com/errata/RHSA-2024:5928 |