Lucene search

K
redhatcveRedhat.comRH:CVE-2024-27397
HistoryMay 14, 2024 - 11:56 p.m.

CVE-2024-27397

2024-05-1423:56:36
redhat.com
access.redhat.com
20
cve-2024-27397
linux kernel
netfilter
nf_tables
timestamp
set element timeout
per-netns area
control plane
packet path
workqueue
vulnerability
async gc

AI Score

6.9

Confidence

High

EPSS

0

Percentile

10.8%

A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Mitigation

In order to trigger the issue, it requires the ability to create user/net namespaces.

On non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:

echo “user.max_user_namespaces=0” > /etc/sysctl.d/userns.conf

sysctl -p /etc/sysctl.d/userns.conf

On containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.