CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

Published May 1, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftables: Fix potential data-race in nftexprtypeget()

nftunregisterexpr() can concurrent with nftexprtypeget(), and there is not any protection when iterate over nftablesexpressions list in nftexprtypeget(). Therefore, there is potential data-race of nftablesexpressions list entry.

Use listforeachentryrcu() to iterate over nftablesexpressions list in nftexprtypeget(), and use rcureadlock() in the caller nftexprtypeget() to protect the entire type query process.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftables: Fix potential data-race in nftexprtypeget()

The Linux kernel CVE team has assigned CVE-2024-27020 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024050150-CVE-2024-27020-5158@gregkh/T

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by potential data-race in nftexprtypeget() in netfilter: nftables. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.

IBM

Affected Software

25 affected componentsFixes available
Linux Linux kernel>=3.13<4.19.313
Linux Linux kernel>=4.20<5.4.275
Linux Linux kernel>=5.5<5.10.216
Linux Linux kernel>=5.11<5.15.157
Linux Linux kernel>=5.16<6.1.88
Linux Linux kernel>=6.2<6.6.29
Linux Linux kernel>=6.7<6.8.8
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
Linux Linux kernel=6.9-rc3
Linux Linux kernel=6.9-rc4
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
redhat/kernel<5.15.157
5.15.157
redhat/kernel<6.1.88
6.1.88
redhat/kernel<6.6.29
6.6.29
redhat/kernel<6.8.8
6.8.8
redhat/kernel<6.9
6.9
Microsoft cbl2 kernel 5.15.158.1-1
Patch available
Microsoft cbl2 kernel 5.15.153.1-2
Patch available
Microsoft azl3 kernel 6.6.35.1-5
Patch available
Microsoft azl3 kernel 6.6.22.1-2
Patch available

Remediation

Patch Available

https://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773aebbeb7f

Patch Available

https://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907

Patch Available

https://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5

Patch Available

https://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05

Patch Available

https://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a

Patch Available

https://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b

Patch Available

https://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c

Patch Available

https://git.kernel.org/stable/c/f969eb84ce482331a991079ab7a5c4dc3b7f89bf

Patch Available

https://git.kernel.org/linus/ef1f7df9170dbd875ce198ba84e6ab80f6fc139e

Patch Available

https://git.kernel.org/linus/f969eb84ce482331a991079ab7a5c4dc3b7f89bf

Event History

May 1, 2024
CVE Published
via MITRE·05:30 AM
Data Sourced
via MITRE·05:30 AM
Description
Data Sourced
via NVD·06:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Data Sourced
via Red Hat·06:18 PM
DescriptionSeverityAffected Software
May 24, 2024
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverity
Jul 11, 2024
Data Sourced
via Launchpad·07:46 PM
Description
Apr 27, 2025
Data Sourced
via Ubuntu·12:17 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-27020?

CVE-2024-27020 has been classified as a medium severity vulnerability due to the potential data race condition in the Linux kernel.

2

How do I fix CVE-2024-27020?

To fix CVE-2024-27020, update your kernel to versions 5.15.157, 6.1.88, or later versions as specified in the security advisories.

3

What versions of the Linux kernel are affected by CVE-2024-27020?

CVE-2024-27020 affects various versions of the Linux kernel from 3.13 up to 6.9-rc4, depending on the specific distribution and version.

4

Who reported the vulnerability CVE-2024-27020?

CVE-2024-27020 was reported as a potential data race condition in the kernel netfilter component.

5

Is there a workaround for CVE-2024-27020?

Currently, there is no known workaround for CVE-2024-27020, making it essential to apply the recommended kernel updates.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203