Release Date: | 2024-05-19 |
In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nf_tables: reject new basechain after table flag update\nWhen dormant flag is toggled, hooks are disabled in the commit phase by\niterating over current chains in table (existing and new).\nThe following configuration allows for an inconsistent state:\nadd table x\nadd chain x y { type filter hook input priority 0; }\nadd table x { flags dormant; }\nadd chain x w { type filter hook input priority 1; }\nwhich triggers the following warning when trying to unregister chain w\nwhich is already unregistered.\n[ 127.322252] WARNING: CPU: 7 PID: 1211 at net/netfilter/core.c:50 1 __nf_unregister_net_hook+0x21a/0x260\n[...]\n[ 127.322519] Call Trace:\n[ 127.322521]
See more information about CVE-2024-35900 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: | Local network | Attack Complexity: | Low |
Privileges Required: | Low | User Interaction: | None |
Scope: | Unchanged | Confidentiality Impact: | None |
Integrity Impact: | None | Availability Impact: | High |
Platform | Errata | Release Date |
Oracle Linux version 8 (kernel) | ELSA-2024-5101 | 2024-08-08 |
Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: