CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score confidence: High
EPSS percentile: 5.1%

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: fix performance regression in swap operation

The patch “netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test”, commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead.

Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work: sets with timeout use garbage collectors which need cancelling at destroy which can wait. Therefore the destroy functions are split into two: cancelling garbage collectors safely at executing the command received by netlink and moving the remaining part only into the rcu callback.

Priority reason: This is a performance regression introduced by a prior commit.

Author | Note |
---|---|
sbeattie | This is a performance regression introduced by 28628fa952fe (“netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test”) which does not appear to be associated with a CVE. |

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-181.201 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-106.116 | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < 6.5.0-44.44 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1124.134 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1061.67 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1061.67~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1124.134~18.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < 6.5.0-1023.23~22.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1129.136 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1063.72 | UNKNOWN |
git.kernel.org/linus/97f7cf1cd80eeed3b7c808b7c12463295c751001 (6.8-rc3)
git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c
git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb
git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001
git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05
git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397
git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49
git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225
launchpad.net/bugs/cve/CVE-2024-26910
nvd.nist.gov/vuln/detail/CVE-2024-26910
security-tracker.debian.org/tracker/CVE-2024-26910
ubuntu.com/security/notices/USN-6766-1
ubuntu.com/security/notices/USN-6766-2
ubuntu.com/security/notices/USN-6766-3
ubuntu.com/security/notices/USN-6767-1
ubuntu.com/security/notices/USN-6767-2
ubuntu.com/security/notices/USN-6795-1
ubuntu.com/security/notices/USN-6828-1
ubuntu.com/security/notices/USN-6895-1
ubuntu.com/security/notices/USN-6895-2
ubuntu.com/security/notices/USN-6895-3
ubuntu.com/security/notices/USN-6900-1
www.cve.org/CVERecord?id=CVE-2024-26910