CVE-2024-27020
Published: May 1, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions list in __nft_expr_type_get(). Therefore, there is potential data-race of nf_tables_expressions list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_expressions list in __nft_expr_type_get(), and use rcu_read_lock() in the caller nft_expr_type_get() to protect the entire type query process.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected ef1f7df9170dbd875ce198ba84e6ab80f6fc139e - < 939109c0a8e2a006a6cc8209e262d25065f4403aaffected ef1f7df9170dbd875ce198ba84e6ab80f6fc139e - < b38a133d37fa421c8447b383d788c9cc6f5cb34caffected ef1f7df9170dbd875ce198ba84e6ab80f6fc139e - < 934e66e231cff2b18faa2c8aad0b8cec13957e05affected ef1f7df9170dbd875ce198ba84e6ab80f6fc139e - < 0b6de00206adbbfc6373b3ae38d2a6f197987907affected ef1f7df9170dbd875ce198ba84e6ab80f6fc139e - < 8d56bad42ac4c43c6c72ddd6a654a2628bf839c5+3 more versions |
Linux | Linux | affected 3.13unaffected 0 - < 3.13unaffected 4.19.313 - <= 4.19.*unaffected 5.4.275 - <= 5.4.*unaffected 5.10.216 - <= 5.10.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now