PT-2024-21615 · Linux+9 · Linux Kernel+9
Vegard Nossum · Published 2024-02-10 · Updated 2026-05-26 · CVE-2024-27011
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.9.0-rc3+ #365
Description
The vulnerability is a memory leak in the netfilter nf_tables module. The delete set command does not rely on the transaction object for element removal, so when delete element and delete set commands are combined, the abort path could restore the refcount of the mapping twice. The fix checks for inactive elements in the next generation for the delete element command in the abort path and skips restoring state if the next generation bit has already been cleared.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the netfilter nf_tables memory leak. Specifically, update to a version later than 6.9.0-rc3+ #365.
Exploit
Fix
DoS
Memory Leak
Affected Products
ALT Linux
AlmaLinux
CentOS
Debian
Linux Mint
Linux Kernel
Red Hat
Rocky Linux
SUSE
Ubuntu