Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2024-42109
HistoryJul 30, 2024 - 12:00 a.m.

CVE-2024-42109

2024-07-3000:00:00
ubuntu.com
ubuntu.com
6
linux kernel
netfilter
nf_tables
vulnerability
flushing
pending work
kasan
slab-uaf
notifier
transactions
table-to-be-removed
nf-next
commit e169285f8c56
unconditional fetch

AI Score

6.8

Confidence

High

EPSS

0

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: unconditionally flush pending work before notifier
syzbot reports:
KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831
KASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:9530
KASAN: slab-uaf int nf_tables_trans_destroy_work+0x152b/0x1750
net/netfilter/nf_tables_api.c:9597
Read of size 2 at addr ffff88802b0051c4 by task kworker/1:1/45
[…]
Workqueue: events nf_tables_trans_destroy_work
Call Trace:
nft_ctx_update include/net/netfilter/nf_tables.h:1831 [inline]
nft_commit_release net/netfilter/nf_tables_api.c:9530 [inline]
nf_tables_trans_destroy_work+0x152b/0x1750
net/netfilter/nf_tables_api.c:9597
Problem is that the notifier does a conditional flush, but its possible
that the table-to-be-removed is still referenced by transactions being
processed by the worker, so we need to flush unconditionally.
We could make the flush_work depend on whether we found a table to delete
in nf-next to avoid the flush for most cases.
AFAICS this problem is only exposed in nf-next, with
commit e169285f8c56 (“netfilter: nf_tables: do not store nft_ctx in
transaction objects”),
with this commit applied there is an unconditional fetch of
table->family which is whats triggering the above splat.

Related

cvelist 1
redhatcve 1
nvd 1
vulnrichment 1
debiancve 1
osv 6
cve 1
photon 1
nessus 7
mageia 2
openvas 5
oraclelinux 1
cvelist
cvelist
CVE-2024-42109 netfilter: nf_tables: unconditionally flush pending work before notifier
2024-07-30 07:46:04
redhatcve
redhatcve
CVE-2024-42109
2024-07-31 09:18:50
nvd
nvd
CVE-2024-42109
2024-07-30 08:15:03
vulnrichment
vulnrichment
CVE-2024-42109 netfilter: nf_tables: unconditionally flush pending work before notifier
2024-07-30 07:46:04
debiancve
debiancve
CVE-2024-42109
2024-07-30 08:15:03
osv
osv
CVE-2024-42109
2024-07-30 08:15:03
linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia, linux-oracle, linux-raspi vulnerabilities
2024-09-13 09:38:11
linux-azure, linux-azure-5.15, linux-azure-fde vulnerabilities
2024-09-13 11:47:02
cve
cve
CVE-2024-42109
2024-07-30 08:15:03
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0345
2024-08-09 00:00:00
nessus
nessus
Photon OS 5.0: Linux PHSA-2024-5.0-0345
2024-08-15 00:00:00
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12618)
2024-09-12 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7007-1)
2024-09-13 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2024-08-07 08:49:38
Updated kernel, kmod-xtables-addons & kmod-virtualbox packages fix security vulnerabilities
2024-08-07 08:49:38
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0277)
2024-08-07 00:00:00
Mageia: Security Advisory (MGASA-2024-0278)
2024-08-07 00:00:00
Ubuntu: Security Advisory (USN-7007-1)
2024-09-16 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2024-09-12 00:00:00

AI Score

6.8

Confidence

High

EPSS

0

Percentile

5.0%

JSON
Related for UB:CVE-2024-42109
cvelist1redhatcve1nvd1vulnrichment1debiancve1osv6cve1photon1nessus7mageia2openvas5oraclelinux1