CVE-2024-26924

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the netfilter module in the Linux kernel, specifically with the nft set pipapo function. It can cause a crash when dealing with large batches of elements in a back-to-back add/remove pattern. The removal function does not work correctly if multiple elements share the same key, potentially leading to the wrong element being unmapped and resulting in a crash when the element is retrieved during lookup. The problem arises from the removal happening in two steps: first, looking up the key and marking the element as inactive, and second, removing the element from the set/map. If an element with the same key has timed out or is not active in the next generation, the removal might unmap the wrong element, causing the non-deactivated element to become unreachable and leading to a crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.