PT-2024-36945 · Linux+6 · Linux Kernel+6

Phil Sutter

·

Published

2024-11-29

·

Updated

2025-10-07

·

CVE-2024-56637

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74
Description A race condition in the Linux kernel's netfilter: ipset module can lead to a kernel crash. This occurs when user space unloads the ip set.ko module while it is requesting a set type backend module. The issue can be provoked by inserting a delay after the nfnl unlock() call.
Recommendations For versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the ip set.ko module until a patch is available. Restrict access to the vulnerable netfilter: ipset module to minimize the risk of exploitation. Avoid using the nfnl unlock() function in conjunction with mdelay() until the issue is resolved.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2025-06102
CVE-2024-56637
DLA-4075-1
DLA-4076-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1286
OESA-2025-1339
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:0565-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7468-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu