CVE-2024-27019 netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()

2024-05-0105:30:11

Linux

github.com

linux kernel

netfilter

nf_tables

data-race

fix

potential

cve-2024-27019

vulnerability

AI Score

6.7

Confidence

Low

EPSS

Percentile

10.3%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()

nft_unregister_obj() can concurrent with __nft_obj_type_get(),
and there is not any protection when iterate over nf_tables_objects
list in __nft_obj_type_get(). Therefore, there is potential data-race
of nf_tables_objects list entry.

Use list_for_each_entry_rcu() to iterate over nf_tables_objects
list in __nft_obj_type_get(), and use rcu_read_lock() in the caller
nft_obj_type_get() to protect the entire type query process.

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "e50092404c1b",
        "lessThan": "cade34279c22",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "e50092404c1b",
        "lessThan": "379bf7257bc5",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "e50092404c1b",
        "lessThan": "df7c0fb8c2b9",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "e50092404c1b",
        "lessThan": "ad333578f736",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "e50092404c1b",
        "lessThan": "4ca946b19caf",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "e50092404c1b",
        "lessThan": "d78d867dcea6",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "net/netfilter/nf_tables_api.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "4.10"
      },
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "4.10",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.10.219",
        "versionType": "custom",
        "lessThanOrEqual": "5.10.*"
      },
      {
        "status": "unaffected",
        "version": "5.15.157",
        "versionType": "custom",
        "lessThanOrEqual": "5.15.*"
      },
      {
        "status": "unaffected",
        "version": "6.1.88",
        "versionType": "custom",
        "lessThanOrEqual": "6.1.*"
      },
      {
        "status": "unaffected",
        "version": "6.6.29",
        "versionType": "custom",
        "lessThanOrEqual": "6.6.*"
      },
      {
        "status": "unaffected",
        "version": "6.8.8",
        "versionType": "custom",
        "lessThanOrEqual": "6.8.*"
      },
      {
        "status": "unaffected",
        "version": "6.9",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "net/netfilter/nf_tables_api.c"
    ],
    "defaultStatus": "affected"
  }
]