Ubuntu.comUB:CVE-2024-27011CVE-2024-27011
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix memleak in map from abort path The delete set
command does not rely on the transaction object for element removal,
therefore, a combination of delete element + delete set from the abort path
could result in restoring twice the refcount of the mapping. Check for
inactive element in the next generation for the delete element command in
the abort path, skip restoring state if next generation bit has been
already cleared. This is similar to the activate logic using the set walk
iterator. [ 6170.286929] ------------[ cut here ]------------ [
6170.286939] WARNING: CPU: 6 PID: 790302 at
net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220
[nf_tables] [ 6170.287071] Modules linked in: […] [ 6170.287633] CPU: 6
PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365 [ 6170.287768]
RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287886]
Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68
e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4
08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f [ 6170.287895] RSP:
0018:ffff888134b8fd08 EFLAGS: 00010202 [ 6170.287904] RAX: 0000000000000001
RBX: ffff888125bffb28 RCX: dffffc0000000000 [ 6170.287912] RDX:
0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750 [ 6170.287919]
RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55 [
6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12:
ffff888125bffb10 [ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122
R15: dead000000000100 [ 6170.287940] FS: 0000000000000000(0000)
GS:ffff888390b00000(0000) knlGS:0000000000000000 [ 6170.287948] CS: 0010
DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6170.287955] CR2:
00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0 [ 6170.287962]
Call Trace: [ 6170.287967] <TASK> [ 6170.287973] ? __warn+0x9f/0x1a0 [
6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [
6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.287986] ?
nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ?
report_bug+0x1b1/0x1e0 [ 6170.288104] ? handle_bug+0x3c/0x70 [ 6170.288112]
? exc_invalid_op+0x17/0x40 [ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20 [
6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [
6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [
6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [
6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
References
git.kernel.org/linus/86a1471d7cde792941109b93b558b5dc078b9ee9 (6.9-rc5)
git.kernel.org/stable/c/49d0e656d19dfb2d4d7c230e4a720d37b3decff6
git.kernel.org/stable/c/86a1471d7cde792941109b93b558b5dc078b9ee9
launchpad.net/bugs/cve/CVE-2024-27011
nvd.nist.gov/vuln/detail/CVE-2024-27011
security-tracker.debian.org/tracker/CVE-2024-27011
www.cve.org/CVERecord?id=CVE-2024-27011
Related
