CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path

Published May 1, 2024

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix memleak in map from abort path

The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result in restoring twice the refcount of the mapping.

Check for inactive element in the next generation for the delete element command in the abort path, skip restoring state if next generation bit has been already cleared. This is similar to the activate logic using the set walk iterator.

[ 6170.286929] ------------[ cut here ]------------
[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]
[ 6170.287071] Modules linked in: [...]
[ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365
[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]
[ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f
[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202
[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000
[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750
[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55
[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10
[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100
[ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000
[ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0
[ 6170.287962] Call Trace:
[ 6170.287967] <TASK>
[ 6170.287973] ? __warn+0x9f/0x1a0
[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]
[ 6170.288092] ? report_bug+0x1b1/0x1e0
[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]
[ 6170.288092] ? report_bug+0x1b1/0x1e0
[ 6170.288104] ? handle_bug+0x3c/0x70
[ 6170.288112] ? exc_invalid_op+0x17/0x40
[ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20
[ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]
[ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]
[ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]
[ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]
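
The double restore described above can be reproduced in a small user-space model. This is an added example, not kernel code and not part of the upstream commit; the struct and function names are hypothetical, and it assumes the abort path undoes commands in reverse order, so the set walk runs before the delete element undo.

```c
/* Simplified user-space model of the abort path (added example, not kernel code). */
#include <stdbool.h>
#include <stdio.h>

#define NELEMS 2

struct elem { bool inactive_next; int *use; };  /* map element -> refcounted target */
struct set { struct elem e[NELEMS]; };

/* Mark inactive in the next generation and drop the reference. */
static void deactivate(struct elem *e) { e->inactive_next = true; (*e->use)--; }
/* Clear the next-generation bit and restore the reference. */
static void activate(struct elem *e) { e->inactive_next = false; (*e->use)++; }

/* "delete set": no per-element transaction object; it walks the set and
 * skips elements already inactive in the next generation. */
static void del_set(struct set *s) {
    for (int i = 0; i < NELEMS; i++)
        if (!s->e[i].inactive_next) deactivate(&s->e[i]);
}

/* Abort of "delete set": walk again and reactivate inactive elements. */
static void abort_del_set(struct set *s) {
    for (int i = 0; i < NELEMS; i++)
        if (s->e[i].inactive_next) activate(&s->e[i]);
}

/* Abort of "delete element"; with_check models the fix described above. */
static void abort_del_elem(struct elem *e, bool with_check) {
    if (with_check && !e->inactive_next)
        return;  /* bit already cleared by the set walk: skip the restore */
    activate(e);
}

/* delete element + delete set, then abort; returns the final use count. */
int use_after_abort(bool with_check) {
    int use = NELEMS;  /* one reference per map element */
    struct set s;
    for (int i = 0; i < NELEMS; i++) s.e[i] = (struct elem){ false, &use };
    deactivate(&s.e[0]);   /* delete element (has its own transaction object) */
    del_set(&s);
    abort_del_set(&s);     /* assumption: abort undoes commands in reverse order */
    abort_del_elem(&s.e[0], with_check);
    return use;
}

int main(void) {
    printf("unchecked=%d checked=%d want=%d\n",
           use_after_abort(false), use_after_abort(true), NELEMS);
    return 0;
}
```

Without the check the use count ends one above its starting value, so the referenced object can never drop to zero; with the check it returns to the starting value.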

NVD

The Linux kernel CVE team has assigned CVE-2024-27011 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050148-CVE-2024-27011-2c70@gregkh/T

Affected Software

14 affected components; fixes available.

Linux: Linux kernel >=4.12, <6.8.8
Linux: Linux kernel 6.9-rc1
Linux: Linux kernel 6.9-rc2
Linux: Linux kernel 6.9-rc3
Linux: Linux kernel 6.9-rc4
IBM Security Verify Governance: <=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack: <=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance: <=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container: <=ISVG 10.0.2
debian/linux: <=5.10.223-1, <=5.10.234-1, <=6.1.129-1, <=6.1.135-1 (fixed: 6.12.22-1, 6.12.25-1)
redhat/kernel: <6.8.8 (fixed: 6.8.8)
redhat/kernel: <6.9 (fixed: 6.9)
Microsoft azl3 kernel 6.6.92.2-1
Microsoft azl3 kernel 6.6.64.2-9

Event History

May 1, 2024
CVE Published via MITRE, 05:29 AM
Data Sourced via MITRE, 05:29 AM: Description
Data Sourced via NVD, 06:15 AM: Remedy, Description, Severity, Weakness, Affected Software
Data Sourced via Red Hat, 06:38 PM: Description, Severity, Affected Software

Jul 11, 2024
Data Sourced via Launchpad, 07:45 PM: Description

Apr 27, 2025
Data Sourced via Ubuntu, 12:16 AM: Remedy, Description, Severity, Affected Software

Sep 4, 2025
Data Sourced via Microsoft, 04:08 AM: Description, Severity, Weakness, Affected Software
Updated via Microsoft, 04:08 AM: Severity, Affected Software
Updated via Microsoft, 04:08 AM: Description

Frequently Asked Questions

1. What is the severity of CVE-2024-27011?

CVE-2024-27011 has a medium severity due to potential memory leak vulnerabilities in the Linux kernel.

2. How do I fix CVE-2024-27011?

To fix CVE-2024-27011, update to kernel version 6.8.8 or 6.9 for Red Hat and 6.12.10-1 or 6.12.11-1 for Debian systems.

3. What systems are affected by CVE-2024-27011?

CVE-2024-27011 affects various versions of the Linux kernel, particularly versions before 6.8.8 and 6.9.

4. Is CVE-2024-27011 a critical vulnerability?

CVE-2024-27011 is not classified as critical, but it could lead to resource leaks that impact system stability.

5. What are the consequences of not mitigating CVE-2024-27011?

Failing to mitigate CVE-2024-27011 could result in memory leaks, which may degrade system performance over time.
