Bug 2265185 (CVE-2024-26581) - CVE-2024-26581 kernel: nftables: nft_set_rbtree skip end interval element from gc
Summary: CVE-2024-26581 kernel: nftables: nft_set_rbtree skip end interval element fro...
Keywords:
Status: NEW
Alias: CVE-2024-26581
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2265186
Blocks: 2265182
TreeView+ depends on / blocked
 
Reported: 2024-02-20 20:19 UTC by Patrick Del Bello
Modified: 2024-03-24 10:17 UTC (History)
50 users (show)

Fixed In Version: kernel 6.1.78
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s Netfilter subsystem. This issue occurs in the nft_set_rbtree. rbtree lazy gc on insert, which might collect an end interval element just added in a transaction and skip the end interval elements not yet active.
Clone Of:
Environment:
Last Closed: 2024-02-25 10:39:28 UTC
Embargoed:

Attachments (Terms of Use)

Description Patrick Del Bello 2024-02-20 20:19:44 UTC 
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_rbtree: skip end interval element from gc 

rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that
are not yet active.

https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb
https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0
https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9
https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7
Comment 1 Patrick Del Bello 2024-02-20 20:20:08 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2265186]
Comment 3 Justin M. Forbes 2024-02-21 23:00:03 UTC 
This was fixed for Fedora with the 6.7.5 stable kernel updates.
Note You need to log in before you can comment on or make changes to this bug.