CVE-2024-36286

CVE Details

Release Date: 2024-06-21

Description


In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

syzbot reported that nf_reinject() could be called without rcu_read_lock():

WARNING: suspicious RCU usage
6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted
net/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syz-executor.4/13427:
#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]
#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471
#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]
#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172
stack backtrace:
CPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712
nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]
nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397
nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]
instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172
rcu_do_batch kernel/rcu/tree.c:2196 [inline]
rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471
handle_softirqs+0x2d6/0x990 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043

See more information about CVE-2024-36286 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 4.7
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Errata information


| Platform | Errata | Release Date |
| --- | --- | --- |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12611 | 2024-09-11 |
| Oracle Linux version 7 (kernel-uek-container) | ELSA-2024-12585 | 2024-08-12 |
| Oracle Linux version 8 (kernel) | ELSA-2024-5101 | 2024-08-08 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
| Oracle Linux version 8 (kernel-uek-container) | ELSA-2024-12584 | 2024-08-12 |


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
