Informazioni sul CVE-2024-36005
netfilter: nf_tables: honor table dormant flag from netdev release event path
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2024-36005
Descrizione: “The Linux kernel has resolved a vulnerability in the netfilter module: `netfilter: nf_tables: honor table dormant flag from netdev release event path` This vulnerability affects the `dormant` flag used in the netdev release event path. It attempts to unregister a hook that was previously unregistered. [524854.857999] ————[ cut here ]———— [524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260 […] [524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365 [524854.858869] Workqueue: netns cleanup_net [524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260 [524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 9f [524854.859000] CRITICAL ERROR: The kernel is attempting to unregister the `nf_tables_netdev_event` hook. This is a security vulnerability. This hook is used to notify the system about network events. The kernel is attempting to do this, but it’s a potential issue.”
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b
- https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2
- https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9
- https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816
- https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a
- https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2
Prodotti interessati
- Linux – Linux
- Linux – Linux