PT-2024-8251 · Linux+9 · Linux Kernel+9

Pablo Neira Ayuso

Published

2024-02-21

Updated

2026-03-14

CVE-2024-27403

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the netfilter component, specifically the nft flow offload function, where the dst is transferred to the flow object, and the route object does not own it anymore. If the flow offload add() function fails, the error path releases the dst twice, leading to a refcount underflow. This can potentially allow an attacker to execute arbitrary code.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

ALSA-2024:8162

ALSA-2025_16880

BDU:2024-09804

CVE-2024-27403

INFSA-2024_8162

OESA-2024-1677

OESA-2024-1678

OESA-2024-1682

OESA-2024-2295

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3483-1

RHSA-2024:4106

RHSA-2024:4108

RHSA-2024:5256

RHSA-2024:5257

RHSA-2024:8162

RHSA-2024_8162

RLSA-2024:8162

SUSE-SU-2024:3190-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:3483-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-6820-1

USN-6820-2

USN-6821-1

USN-6821-2

USN-6821-3

USN-6821-4

USN-6828-1

USN-6871-1

USN-6892-1

USN-6919-1

Affected Products

Almalinux

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-8251 · Linux+9 · Linux Kernel+9

CVE-2024-27403

Weakness Enumeration

Related Identifiers

Affected Products

References · 1779