14 matches found
Siemens SCALANCE and RUGGEDCOM Devices Improper Locking (CVE-2024-26925)
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin and nft_gc_seq_end, otherwise, async GC worker could collect expired...
CVE-2024-27397
A use-after-free flaw was found in the Linux kernel's netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation: In order to trigger the issue, it requires the ability to create user/net...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-613)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-613 advisory. In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use CVE-2024-26921 In the Linux kernel, the following vulnerability has...
CVE-2024-27397 netfilter: nf_tables: use timestamp to check for set element timeout
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nf_tables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...
CVE-2024-27397 netfilter: nf_tables: use timestamp to check for set element timeout
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nf_tables per-netns area. Update set backend .insert, .deactivate and sync gc path to u...
CVE-2024-26925
CVE-2024-26925 affects the Linux kernel nf_tables component. The issue arises when the commit mutex is released during the abort path between nft_gc_seq_begin() and nft_gc_seq_end(), allowing an asynchronous GC worker to collect expired objects and obtain the released commit lock within the same ...
CVE-2024-26925 netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin and nft_gc_seq_end, otherwise, async GC worker could collect expired...
CVE-2024-26925
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin and nft_gc_seq_end, otherwise, async GC worker could collect expired...
CVE-2024-26925 netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin and nft_gc_seq_end, otherwise, async GC worker could collect expired...
CVE-2024-26643
A vulnerability was found in the netfilter/nftables subsystem of the Linux kernel, where a race condition allowed the garbage collector to prematurely collect elements from anonymous sets with timeouts while they were being released. Mitigation: Red Hat has investigated whether a possible...
CVE-2024-26643
CVE-2024-26643 is a Linux kernel vulnerability in netfilter nf_tables where the asynchronous rhashtable garbage-collection can race with the release of anonymous sets that have timeouts, leading to a potential collection of elements during commit path teardown. The root cause is a race between se...
SUSE CVE-2023-52433
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expire before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an alrea...
CVE-2023-52433
CVE-2023-52433 refers to a Linux kernel issue in netfilter nft_set_rbtree where new elements within a single transaction may expire before the transaction ends. To avoid a commit path walking over an already released object, the code skips sync garbage collection (GC) for those elements during th...
CVE-2023-52433 netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expire before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an alrea...