A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=317eb9685095678f2c9f5a8189de698c5354316a https://kernel.dance/317eb9685095678f2c9f5a8189de698c5354316a
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2255140]
This is fixed for Fedora with the 6.6.7 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0724
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0881
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:0897
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1019 https://access.redhat.com/errata/RHSA-2024:1019
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1018 https://access.redhat.com/errata/RHSA-2024:1018
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:1248
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Via RHSA-2024:1268 https://access.redhat.com/errata/RHSA-2024:1268
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2024:1269 https://access.redhat.com/errata/RHSA-2024:1269
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:1367 https://access.redhat.com/errata/RHSA-2024:1367
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2024:1382 https://access.redhat.com/errata/RHSA-2024:1382
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:1404
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3414 https://access.redhat.com/errata/RHSA-2024:3414
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3421 https://access.redhat.com/errata/RHSA-2024:3421