Date: Wed, 8 May 2024 15:22:57 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2024-26925: Linux: nf_tables: locking issue in the nf_tables_abort() function

Hi,

On Wed, May 08, 2024 at 12:42:57AM +0800, HexRabbit Chen wrote:
> Hello,
> 
> I found a locking issue in nf_tables set element GC implementation and
> exploited it in kernelCTF. The bug breaks the sequence number assumption
> in set asynchronous GC, which can be used to cause double free, and
> leads to local privilege escalation.
> 
> Introduced in v6.5:
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=720344340fb9
> 
> Fixed in v6.9-rc3:
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0d459e2ffb54

It should be noted, though, that this has been backported to the stable series:

5.4.262, 5.10.198, 5.15.134, 6.1.56, 6.4.13

but equally the fix in

5.4.274, 5.10.215, 5.15.155, 6.1.86, 6.6.26, 6.8.5.

Regards.
Salvatore
