Date: Thu,  4 Apr 2024 11:52:00 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: release elements in clone only from destroy path

Clone already always provides a current view of the lookup table, use it
to destroy the set, otherwise it is possible to destroy elements twice.

This fix requires:

 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")

which came after:

 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").

The Linux kernel CVE team has assigned CVE-2024-26809 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.10.130 with commit 4a6430b99f67 and fixed in 5.10.214 with commit b36b83297ff4
	Issue introduced in 5.15.54 with commit 5ccecafc728b and fixed in 5.15.153 with commit 362508506bf5
	Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.1.83 with commit 5ad233dc731a
	Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.6.23 with commit ff9005077141
	Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.7.11 with commit 821e28d5b506
	Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.8.2 with commit 9384b4d85c46
	Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.9-rc1 with commit b0e256f3dd2b
	Issue introduced in 5.18.11 with commit d2b18d110685

Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26809
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	net/netfilter/nft_set_pipapo.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144
	https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c
	https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af
	https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2
	https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b
	https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2
	https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee
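
Added example (not part of the original announcement or of any kernel.org tooling): a triage helper that parses the "Affected and fixed versions" lines above and classifies a kernel release string. It assumes an upstream or stable kernel version; distribution kernels may carry the fix under an older version number, and the function names are this example's own.

```python
import re

# "Affected and fixed versions" lines, copied from the advisory above.
ADVISORY = """\
Issue introduced in 5.10.130 with commit 4a6430b99f67 and fixed in 5.10.214 with commit b36b83297ff4
Issue introduced in 5.15.54 with commit 5ccecafc728b and fixed in 5.15.153 with commit 362508506bf5
Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.1.83 with commit 5ad233dc731a
Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.6.23 with commit ff9005077141
Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.7.11 with commit 821e28d5b506
Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.8.2 with commit 9384b4d85c46
Issue introduced in 5.19 with commit 9827a0e6e23b and fixed in 6.9-rc1 with commit b0e256f3dd2b
Issue introduced in 5.18.11 with commit d2b18d110685
"""

def parse(release):
    """'6.1.55-1-amd64' -> (6, 1, 55); an -rc tag counts as the .0 release."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)

def load(text):
    """Per-branch introduction and fix points, plus the mainline bounds."""
    intro, fix, main_intro, main_fix = {}, {}, None, None
    pat = r"introduced in (\S+) with commit \w+(?: and fixed in (\S+))?"
    for a, b in re.findall(pat, text):
        if a.count(".") == 1:          # two-part version: a mainline release
            main_intro = parse(a)
        else:                          # three-part version: a stable backport
            intro[parse(a)[:2]] = parse(a)
        if b and re.fullmatch(r"\d+\.\d+(-rc\d+)?", b):
            main_fix = parse(b)
        elif b:
            fix[parse(b)[:2]] = parse(b)
    return intro, fix, main_intro, main_fix

INTRO, FIX, MAIN_INTRO, MAIN_FIX = load(ADVISORY)

def status(release):
    """Return 'affected', 'fixed' or 'not listed' for an upstream release."""
    v = parse(release)
    branch = v[:2]
    # A branch-specific backport wins; otherwise fall back to the mainline point.
    start = INTRO.get(branch) or (MAIN_INTRO if v >= MAIN_INTRO else None)
    if start is None or v < start:
        return "not listed"
    end = FIX.get(branch) or (MAIN_FIX if v >= MAIN_FIX else None)
    return "fixed" if end and v >= end else "affected"
```

Branches between the mainline introduction and fix that have no fix line of their own (for example 6.5.x) are reported as affected, since the advisory names no fixed release for them.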
