Vulnerability Details : CVE-2024-26835
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: set dormant flag on hook register failure
We need to set the dormant flag again if we fail to register
the hooks.
During memory pressure hook registration can fail and we end up
with a table marked as active but no registered hooks.
On table/base chain deletion, nf_tables will attempt to unregister
the hook again which yields a warn splat from the nftables core.
Products affected by CVE-2024-26835
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-26835
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-26835
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
1.8
|
3.6
|
NIST | 2025-04-02 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
N/A
|
N/A
|
RedHat-CVE-2024-26835 | 2024-04-17 |
References for CVE-2024-26835
-
https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec
netfilter: nf_tables: set dormant flag on hook register failure - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7
netfilter: nf_tables: set dormant flag on hook register failure - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376
netfilter: nf_tables: set dormant flag on hook register failure - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95
netfilter: nf_tables: set dormant flag on hook register failure - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af
netfilter: nf_tables: set dormant flag on hook register failure - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3
netfilter: nf_tables: set dormant flag on hook register failure - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069
netfilter: nf_tables: set dormant flag on hook register failure - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
[SECURITY] [DLA 3842-1] linux-5.10 security updateMailing List
-
https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be
netfilter: nf_tables: set dormant flag on hook register failure - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to