In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple The Linux kernel CVE team has assigned CVE-2024-27015 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050149-CVE-2024-27015-9ce1@gregkh/T
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2278267]
I don't see any relation to security in the CVE fixing commit. The effect is merely for PPPoE packages to not match the flowtable entry when they should and so continue to traverse the standard forwarding path through the kernel. This is bad because flowtables are unusable with PPPoE, but it's more or less just a lack of feature. Can we at least lessen severity/priority values and perhaps also contest the CVE itself?
In reply to comment #5: > I don't see any relation to security in the CVE fixing commit. The effect is > merely for PPPoE packages to not match the flowtable entry when they should > and so continue to traverse the standard forwarding path through the kernel. > This is bad because flowtables are unusable with PPPoE, but it's more or > less just a lack of feature. Can we at least lessen severity/priority values > and perhaps also contest the CVE itself? Decreased to Low.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:9315 https://access.redhat.com/errata/RHSA-2024:9315