PT-2024-21618 · Linux+11 · Linux Kernel+11

Published

2024-04-10

·

Updated

2025-10-03

·

CVE-2024-27017

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to the netfilter component in the Linux kernel, specifically the nft set pipapo module. The generation mask can be updated while a netlink dump is in progress, causing the pipapo set backend walk iterator to fail in inferring the correct view of the data structure. To address this, notation has been added to specify whether the user intends to read or update the set. This change is based on a patch from Florian Westphal.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALSA-2024:8856
ALSA-2024:8870
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2025-12647
AZL-42163
BDU:2025-02926
CESA-2024_8856
CESA-2024_8870
CVE-2024-27017
DLA-4008-1
DLA-4075-1
DSA-5782-1
INFSA-2024_8856
INFSA-2024_8870
INFSA-2024_9315
OESA-2024-1738
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
RHSA-2024:8856
RHSA-2024:8870
RHSA-2024:9315
RHSA-2024_8856
RHSA-2024_8870
RHSA-2024_9315
RHSA-2025:1658
RLSA-2024:8856
RLSA-2024:8870
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6918-1
USN-6923-1
USN-6923-2
USN-6927-1
USN-6956-1
USN-6957-1
USN-7019-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu