CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()
nft_unregister_obj() can run concurrently with __nft_obj_type_get(), and there is no protection when iterating over the nf_tables_objects list in __nft_obj_type_get(). Therefore, there is a potential data-race on an nf_tables_objects list entry.
Use list_for_each_entry_rcu() to iterate over the nf_tables_objects list in __nft_obj_type_get(), and use rcu_read_lock() in the caller nft_obj_type_get() to protect the entire type query process.
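As an added illustration that is not the kernel's code, the following single-threaded userspace model contrasts the pre-fix caller (no reader-side protection) with the post-fix caller (whole query inside an RCU read-side critical section). It assumes a mock RCU made of a reader count plus a deferred-free queue, a `racer` parameter that schedules the writer right after the lookup matches, a `freed` flag standing in for `free()`, and a constructed `sample_type`; the kernel names are reused only for readability.

```c
/* Added userspace model of the CVE-2024-27019 race (not kernel code): RCU is
 * mocked as a reader count plus a deferred-free queue; free() becomes a flag. */
#include <stddef.h>
struct nft_object_type {
    unsigned int type;
    struct nft_object_type *next;      /* left intact on unlink, like list_del_rcu() */
    struct nft_object_type *deferred;  /* mock call_rcu() queue link */
    int freed;                         /* set instead of free() so a UAF is observable */
};
static struct nft_object_type *nf_tables_objects, *deferred_free;
static int rcu_readers;
static void rcu_read_lock(void) { rcu_readers++; }
static void rcu_read_unlock(void) {
    if (--rcu_readers) return;         /* grace period ends with the last reader */
    for (struct nft_object_type *t; (t = deferred_free) != NULL; t->freed = 1)
        deferred_free = t->deferred;
}
static void nft_register_obj(struct nft_object_type *t) {
    t->freed = 0; t->next = nf_tables_objects; nf_tables_objects = t;
}
/* Writer: unlink; free at once if no reader is active, else after the grace period. */
static void nft_unregister_obj(struct nft_object_type *t) {
    struct nft_object_type **pp = &nf_tables_objects;
    while (*pp && *pp != t) pp = &(*pp)->next;
    if (*pp) *pp = t->next;
    if (rcu_readers == 0) t->freed = 1;            /* synchronize_rcu() returns at once */
    else { t->deferred = deferred_free; deferred_free = t; }
}
/* Reader walk; if racer is non-NULL the writer is scheduled right after the match. */
static const struct nft_object_type *__nft_obj_type_get(unsigned int type, struct nft_object_type *racer) {
    const struct nft_object_type *t = nf_tables_objects;
    while (t && t->type != type) t = t->next;
    if (racer) nft_unregister_obj(racer);
    return t;
}
/* 1 = entry read after its free, 0 = live entry read, -1 = type not registered. */
static int use_type(const struct nft_object_type *t) { return t ? t->freed : -1; }
/* Pre-fix caller: the task is not marked as a reader, so the writer frees under it. */
static int nft_obj_type_get_unprotected(unsigned int type, struct nft_object_type *racer) {
    return use_type(__nft_obj_type_get(type, racer));
}
/* Post-fix caller: the whole query is one RCU read-side critical section. */
static int nft_obj_type_get(unsigned int type, struct nft_object_type *racer) {
    rcu_read_lock();
    int rc = use_type(__nft_obj_type_get(type, racer));
    rcu_read_unlock();
    return rc;
}
static struct nft_object_type sample_type = { .type = 1 }; /* constructed sample */
```

With the same interleaving, the unprotected caller reads an entry that has already been freed, while the protected caller reads a live entry and the free is deferred until rcu_read_unlock() ends the grace period.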
Other sources
The Linux kernel CVE team has assigned CVE-2024-27019 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050150-CVE-2024-27019-e3d4@gregkh/T
— Red Hat
Linux Kernel is vulnerable to a denial of service, caused by a potential data-race in __nft_obj_type_get() in netfilter: nf_tables. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
— IBM
Frequently Asked Questions
What is the severity of CVE-2024-27019?
CVE-2024-27019 has been classified with high severity due to its impact on the Linux kernel's data handling.
How do I fix CVE-2024-27019?
To fix CVE-2024-27019, update your kernel to versions 5.15.157, 6.1.88, 6.6.29, 6.8.8, or 6.9.
What versions of the Linux kernel are affected by CVE-2024-27019?
CVE-2024-27019 affects multiple versions of the Linux kernel, from 4.10 up to the 6.9 pre-release versions.
What systems are impacted by CVE-2024-27019?
CVE-2024-27019 impacts Red Hat, Debian, and Fedora systems running vulnerable versions of the Linux kernel.
Is CVE-2024-27019 a critical vulnerability?
CVE-2024-27019 is considered critical due to the potential for exploitation affecting system stability.