Vulnerability Details : CVE-2024-27019
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
nft_unregister_obj() can concurrent with __nft_obj_type_get(),
and there is not any protection when iterate over nf_tables_objects
list in __nft_obj_type_get(). Therefore, there is potential data-race
of nf_tables_objects list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_objects
list in __nft_obj_type_get(), and use rcu_read_lock() in the caller
nft_obj_type_get() to protect the entire type query process.
Products affected by CVE-2024-27019
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-27019
0.03%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 5 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-27019
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.7
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.0
|
3.6
|
NIST | 2024-05-23 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
N/A
|
N/A
|
RedHat-CVE-2024-27019 | 2024-05-01 |
CWE ids for CVE-2024-27019
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2024-27019
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/
[SECURITY] Fedora 40 Update: kernel-6.8.8-300.fc40 - package-announce - Fedora Mailing-Lists
-
https://git.kernel.org/stable/c/379bf7257bc5f2a1b1ca8514e08a871b7bf6d920
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/df7c0fb8c2b9f9cac65659332581b19682a71349
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
[SECURITY] Fedora 38 Update: kernel-6.8.8-100.fc38 - package-announce - Fedora Mailing-Lists
-
https://git.kernel.org/stable/c/cade34279c2249eafe528564bd2e203e4ff15f88
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() - kernel/git/stable/linux.git - Linux kernel stable tree
-
https://git.kernel.org/stable/c/d78d867dcea69c328db30df665be5be7d0148484
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/4ca946b19caf655a08d5e2266d4d5526025ebb73
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/ad333578f736d56920e090d7db1f8dec891d815e
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
[SECURITY] Fedora 39 Update: kernel-6.8.8-200.fc39 - package-announce - Fedora Mailing-Lists
Jump to