A use-after-free flaw was found in nftables sub-component due to a race problem between set GC and transaction in the Linux Kernel. This flaw could allow a local attacker to crash the system, due to missing call to to `nft_set_elem_mark_busy` causing double deactivation of the element. This vulnerability could even lead to a kernel information leak problem. Refer: https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/ https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2235467]
*** This bug has been marked as a duplicate of bug 2237755 ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1019 https://access.redhat.com/errata/RHSA-2024:1019
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:1018 https://access.redhat.com/errata/RHSA-2024:1018
*** Bug 2265184 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:1248
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3138 https://access.redhat.com/errata/RHSA-2024:3138
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3414 https://access.redhat.com/errata/RHSA-2024:3414
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2024:3421 https://access.redhat.com/errata/RHSA-2024:3421