CVE-2024-35897
netfilter: nf_tables: discard table flag update with pending basechain deletion
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: discard table flag update with pending basechain deletion
Hook unregistration is deferred to the commit phase, same occurs with
hook updates triggered by the table dormant flag. When both commands are
combined, this results in deleting a basechain while leaving its hook
still registered in the core.
Affected products
Linux · Linux
References
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://git.kernel.org/stable/c/1bc83a019bbe268be3526406245ec28c2458a518
https://git.kernel.org/stable/c/2aeb805a1bcd5f27c8c0d1a9d4d653f16d1506f4
https://git.kernel.org/stable/c/6cbbe1ba76ee7e674a86abd43009b083a45838cb
https://git.kernel.org/stable/c/7f609f630951b624348373cef99991ce08831927
https://git.kernel.org/stable/c/9627fd0c6ea1c446741a33e67bc5709c59923827
https://git.kernel.org/stable/c/9a3b90904d8a072287480eed4c3ece4b99d64f78
https://git.kernel.org/stable/c/b58d0ac35f6d75ec1db8650a29dfd6f292c11362
https://git.kernel.org/stable/c/e75faf01e22ec7dc671640fa0e0968964fafd2fc
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html