CVE-2024-26925

2024-04-2500:00:00

ubuntu.com

linux

kernel

netfilter

vulnerability

fixed

mutex

nft_gc_seq_end

object collection

module dependencies

transaction replay

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

JSON

In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
The commit mutex should not be released during the critical section between
nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could
collect expired objects and get the released commit lock within the same GC
sequence. nf_tables_module_autoload() temporarily releases the mutex to
load module dependencies, then it goes back to replay the transaction
again. Move it at the end of the abort phase after nft_gc_seq_end() is
called.

Notes

Author	Note
	Priority reason: Reported by Google kCTF

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu23.10noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN