cve/published/2024/CVE-2024-26581.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-26581: netfilter: nft_set_rbtree: skip end interval element from gc

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 netfilter: nft_set_rbtree: skip end interval element from gc

 rbtree lazy gc on insert might collect an end interval element that has
 been just added in this transactions, skip end interval elements that
 are not yet active.

 The Linux kernel CVE team has assigned CVE-2024-26581 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.4.262 with commit acaee227cf79c45a5d2d49c3e9a66333a462802c and fixed in 5.4.269 with commit 10e9cb39313627f2eae4cd70c4b742074e998fd8
 	Issue introduced in 5.10.190 with commit 893cb3c3513cf661a0ff45fe0cfa83fe27131f76 and fixed in 5.10.210 with commit 4cee42fcf54fec46b344681e7cc4f234bb22f85a
 	Issue introduced in 5.15.124 with commit 50cbb9d195c197af671869c8cadce3bd483735a0 and fixed in 5.15.149 with commit 2bab493a5624444ec6e648ad0d55a362bcb4c003
 	Issue introduced in 6.1.43 with commit 89a4d1a89751a0fbd520e64091873e19cc0979e8 and fixed in 6.1.78 with commit 1296c110c5a0b45a8fcf58e7d18bc5da61a565cb
 	Issue introduced in 6.5 with commit f718863aca469a109895cb855e6b81fff4827d71 and fixed in 6.6.17 with commit b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7
 	Issue introduced in 6.5 with commit f718863aca469a109895cb855e6b81fff4827d71 and fixed in 6.7.5 with commit 6eb14441f10602fa1cf691da9d685718b68b78a9
 	Issue introduced in 6.5 with commit f718863aca469a109895cb855e6b81fff4827d71 and fixed in 6.8 with commit 60c0c230c6f046da536d3df8b39a20b9a9fd6af0
 	Issue introduced in 6.4.8 with commit cd66733932399475fe933cb3ec03e687ed401462

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-26581
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/netfilter/nft_set_rbtree.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/c60d252949caf9aba537525195edae6bbabc35eb
 	https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8
 	https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a
 	https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003
 	https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb
 	https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7
 	https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9
 	https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-26581: netfilter: nft_set_rbtree: skip end interval element from gc

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	netfilter: nft_set_rbtree: skip end interval element from gc

	rbtree lazy gc on insert might collect an end interval element that has
	been just added in this transactions, skip end interval elements that
	are not yet active.

	The Linux kernel CVE team has assigned CVE-2024-26581 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.4.262 with commit acaee227cf79c45a5d2d49c3e9a66333a462802c and fixed in 5.4.269 with commit 10e9cb39313627f2eae4cd70c4b742074e998fd8
	Issue introduced in 5.10.190 with commit 893cb3c3513cf661a0ff45fe0cfa83fe27131f76 and fixed in 5.10.210 with commit 4cee42fcf54fec46b344681e7cc4f234bb22f85a
	Issue introduced in 5.15.124 with commit 50cbb9d195c197af671869c8cadce3bd483735a0 and fixed in 5.15.149 with commit 2bab493a5624444ec6e648ad0d55a362bcb4c003
	Issue introduced in 6.1.43 with commit 89a4d1a89751a0fbd520e64091873e19cc0979e8 and fixed in 6.1.78 with commit 1296c110c5a0b45a8fcf58e7d18bc5da61a565cb
	Issue introduced in 6.5 with commit f718863aca469a109895cb855e6b81fff4827d71 and fixed in 6.6.17 with commit b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7
	Issue introduced in 6.5 with commit f718863aca469a109895cb855e6b81fff4827d71 and fixed in 6.7.5 with commit 6eb14441f10602fa1cf691da9d685718b68b78a9
	Issue introduced in 6.5 with commit f718863aca469a109895cb855e6b81fff4827d71 and fixed in 6.8 with commit 60c0c230c6f046da536d3df8b39a20b9a9fd6af0
	Issue introduced in 6.4.8 with commit cd66733932399475fe933cb3ec03e687ed401462

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26581
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/netfilter/nft_set_rbtree.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/c60d252949caf9aba537525195edae6bbabc35eb
	https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8
	https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a
	https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003
	https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb
	https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7
	https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9
	https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0