CVE-2024-35898

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable(). And thhere is not any protection when iterate over nf_tables_flowtables list in __nft_flowtable_type_get(). Therefore, there is pertential data-race of nf_tables_flowtables list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller nft_flowtable_type_get() to protect the entire type query process.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Third-Party Advisory debian.org Third-Party Advisory debian.org
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007 patch
https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77 patch
https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331 patch
https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8 patch
https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b patch
https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df patch
https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859 patch
https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304 patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html mailing list third party advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html mailing list third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-35898?
CVE-2024-35898 has been scored as a medium severity vulnerability.
How to fix CVE-2024-35898?
To fix CVE-2024-35898, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35898 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-35898 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35898?
CVE-2024-35898 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.