CVE-2024-26910
Published: Apr 17, 2024
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: fix performance regression in swap operation

The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead.

Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work: sets with timeout use garbage collectors which need cancelling at destroy which can wait. Therefore the destroy functions are split into two: cancelling garbage collectors safely at executing the command received by netlink and moving the remaining part only into the rcu callback.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 427deb5ba5661c4ae1cfb35955d2e01bd5f3090a - < c7f2733e5011bfd136f1ca93497394d43aa76225; affected e7152a138a5ac77439ff4e7a7533448a7d4c260d - < a24d5f2ac8ef702a58e55ec276aad29b4bd97e05; affected 8bb930c3a1eacec1b14817f565ff81667c7c5dfa - < c2dc077d8f722a1c73a24e674f925602ee5ece49; affected 875ee3a09e27b7adb7006ca6d16faf7f33415aa5 - < 653bc5e6d9995d7d5f497c665b321875a626161c; affected 23c31036f862582f98386120aee55c9ae23d7899 - < b93a6756a01f4fd2f329a39216f9824c56a66397; +9 more versions |
| Linux | Linux | affected 6.7; unaffected 0 - < 6.7; unaffected 5.4.269 - <= 5.4.*; unaffected 5.10.210 - <= 5.10.*; unaffected 5.15.149 - <= 5.15.*; +4 more versions |