cve/published/2024/CVE-2024-26642.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26642: netfilter: nf_tables: disallow anonymous set with timeout flag

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: nf_tables: disallow anonymous set with timeout flag

 Anonymous sets are never used with timeout from userspace, reject this.
 Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.

 The Linux kernel CVE team has assigned CVE-2024-26642 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 4.19.312 with commit e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9
 	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 5.4.274 with commit e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f
 	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 5.10.215 with commit fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351
 	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 5.15.154 with commit 7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199
 	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 6.1.84 with commit 72c1efe3f247a581667b7d368fff3bd9a03cd57a
 	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 6.6.24 with commit c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12
 	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 6.7.12 with commit 8e07c16695583a66e81f67ce4c46e94dece47ba7
 	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 6.8 with commit 16603605b667b70da974bea8216c93e7db043bf1

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26642
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/netfilter/nf_tables_api.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9
 	https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f
 	https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351
 	https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199
 	https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a
 	https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12
 	https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7
 	https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26642: netfilter: nf_tables: disallow anonymous set with timeout flag

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	netfilter: nf_tables: disallow anonymous set with timeout flag

	Anonymous sets are never used with timeout from userspace, reject this.
	Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.

	The Linux kernel CVE team has assigned CVE-2024-26642 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 4.19.312 with commit e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9
	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 5.4.274 with commit e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f
	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 5.10.215 with commit fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351
	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 5.15.154 with commit 7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199
	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 6.1.84 with commit 72c1efe3f247a581667b7d368fff3bd9a03cd57a
	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 6.6.24 with commit c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12
	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 6.7.12 with commit 8e07c16695583a66e81f67ce4c46e94dece47ba7
	Issue introduced in 4.1 with commit 761da2935d6e18d178582dbdf315a3a458555505 and fixed in 6.8 with commit 16603605b667b70da974bea8216c93e7db043bf1

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26642
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/netfilter/nf_tables_api.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/e4988d8415bd0294d6f9f4a1e7095f8b50a97ca9
	https://git.kernel.org/stable/c/e9a0d3f376eb356d54ffce36e7cc37514cbfbd6f
	https://git.kernel.org/stable/c/fe40ffbca19dc70d7c6b1e3c77b9ccb404c57351
	https://git.kernel.org/stable/c/7cdc1be24cc1bcd56a3e89ac4aef20e31ad09199
	https://git.kernel.org/stable/c/72c1efe3f247a581667b7d368fff3bd9a03cd57a
	https://git.kernel.org/stable/c/c0c2176d1814b92ea4c8e7eb7c9cd94cd99c1b12
	https://git.kernel.org/stable/c/8e07c16695583a66e81f67ce4c46e94dece47ba7
	https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1