CVE-2024-27019 netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()

2024-05-0105:30:11

Linux

www.cve.org

netfilter

nf_tables

fix

potential

data-race

linux kernel

vulnerability

list

rcu_read_lock

cve

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()

nft_unregister_obj() can concurrent with __nft_obj_type_get(),
and there is not any protection when iterate over nf_tables_objects
list in __nft_obj_type_get(). Therefore, there is potential data-race
of nf_tables_objects list entry.

Use list_for_each_entry_rcu() to iterate over nf_tables_objects
list in __nft_obj_type_get(), and use rcu_read_lock() in the caller
nft_obj_type_get() to protect the entire type query process.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/netfilter/nf_tables_api.c"
    ],
    "versions": [
      {
        "version": "e50092404c1b",
        "lessThan": "cade34279c22",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e50092404c1b",
        "lessThan": "379bf7257bc5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e50092404c1b",
        "lessThan": "df7c0fb8c2b9",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e50092404c1b",
        "lessThan": "ad333578f736",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e50092404c1b",
        "lessThan": "4ca946b19caf",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "e50092404c1b",
        "lessThan": "d78d867dcea6",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/netfilter/nf_tables_api.c"
    ],
    "versions": [
      {
        "version": "4.10",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.10",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.219",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.157",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.88",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.29",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.8",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]