CVE-2024-35898
Published: May 19, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable(). And thhere is not any protection when iterate over nf_tables_flowtables list in __nft_flowtable_type_get(). Therefore, there is pertential data-race of nf_tables_flowtables list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller nft_flowtable_type_get() to protect the entire type query process.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 3b49e2e94e6ebb8b23d0955d9e898254455734f8 - < 69d1fe14a680042ec913f22196b58e2c8ff1b007affected 3b49e2e94e6ebb8b23d0955d9e898254455734f8 - < a347bc8e6251eaee4b619da28020641eb5b0dd77affected 3b49e2e94e6ebb8b23d0955d9e898254455734f8 - < 940d41caa71f0d3a52df2fde5fada524a993e331affected 3b49e2e94e6ebb8b23d0955d9e898254455734f8 - < 2485bcfe05ee3cf9ca8923a94fa2e456924c79c8affected 3b49e2e94e6ebb8b23d0955d9e898254455734f8 - < 9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b+3 more versions |
Linux | Linux | affected 4.16unaffected 0 - < 4.16unaffected 4.19.312 - <= 4.19.*unaffected 5.4.274 - <= 5.4.*unaffected 5.10.215 - <= 5.10.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now