From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: release elements in clone only from destroy path

Clone already always provides a current view of the lookup table, use it
to destroy the set, otherwise it is possible to destroy elements twice.

This fix requires:

 212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")

which came after:

 9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").

The Linux kernel CVE team has assigned CVE-2024-26809 to this issue.

Affected and fixed versions
===========================
Issue introduced in 5.10.130 with commit 4a6430b99f67842617c7208ca55a411e903ba03a and fixed in 5.10.214 with commit b36b83297ff4910dfc8705402c8abffd4bbf8144
Issue introduced in 5.15.54 with commit 5ccecafc728b0df48263d5ac198220bcd79830bc and fixed in 5.15.153 with commit 362508506bf545e9ce18c72a2c48dcbfb891ab9c
Issue introduced in 5.19 with commit 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e and fixed in 6.1.83 with commit 5ad233dc731ab64cdc47b84a5c1f78fff6c024af
Issue introduced in 5.19 with commit 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e and fixed in 6.6.23 with commit ff90050771412b91e928093ccd8736ae680063c2
Issue introduced in 5.19 with commit 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e and fixed in 6.7.11 with commit 821e28d5b506e6a73ccc367ff792bd894050d48b
Issue introduced in 5.19 with commit 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e and fixed in 6.8.2 with commit 9384b4d85c46ce839f51af01374062ce6318b2f2
Issue introduced in 5.19 with commit 9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e and fixed in 6.9 with commit b0e256f3dd2ba6532f37c5c22e07cb07a36031ee
Issue introduced in 5.18.11 with commit d2b18d110685ce46ca1633b8ec586c685e243a51

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26809
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

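A version check built from the list above, as an added example that is not part of the kernel CVE team's announcement. It assumes an upstream (kernel.org) version string, because distribution kernels backport fixes without changing the base version, and it treats branches between 5.19 and 6.9 that have no listed stable fix (for example 6.0) as affected. The function and table names are illustrative.

```python
import re

# Transcribed from "Affected and fixed versions" above.
# Branches where the bug arrived via a stable backport:
# branch -> (first affected patch level, first fixed patch level or None if no fix is listed)
BACKPORTED = {(5, 10): (130, 214), (5, 15): (54, 153), (5, 18): (11, None)}
# Branches that inherited the bug from mainline 5.19 and have a listed stable fix:
# branch -> first fixed patch level
FIXED_IN = {(6, 1): 83, (6, 6): 23, (6, 7): 11, (6, 8): 2}
MAINLINE_INTRODUCED = (5, 19)
MAINLINE_FIXED = (6, 9)


def parse_release(release):
    """Extract (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(release):
    """True if an upstream kernel version falls in a range listed as affected."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch in BACKPORTED:
        first_bad, first_fixed = BACKPORTED[branch]
        return patch >= first_bad and (first_fixed is None or patch < first_fixed)
    if branch < MAINLINE_INTRODUCED or branch >= MAINLINE_FIXED:
        return False
    # Branch lies between 5.19 and 6.9: affected unless at or past its listed fix.
    first_fixed = FIXED_IN.get(branch)
    return first_fixed is None or patch < first_fixed


if __name__ == "__main__":
    # Constructed sample version strings, not taken from any real host.
    for sample in ("5.10.213", "5.10.214", "6.0.5", "6.1.83", "6.8.1", "6.9.0"):
        verdict = "affected" if is_affected(sample) else "not affected by version"
        print(f"{sample}: {verdict}")
```

A "not affected" result for a distribution kernel is not conclusive; check the vendor's advisory for CVE-2024-26809 in that case.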
Affected files
==============

The file(s) affected by this issue are:
	net/netfilter/nft_set_pipapo.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144
	https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c
	https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af
	https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2
	https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b
	https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2
	https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee