PT-2024-8257 · Linux+9 · Linux Kernel+9

Pablo Neira Ayuso

·

Published

2024-04-04

·

Updated

2025-12-17

·

CVE-2024-35897

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to the netfilter component, specifically the nf tables, where a discard table flag update with pending basechain deletion can cause a hook to remain registered in the core after its basechain has been deleted. This occurs when hook unregistration is deferred to the commit phase and combined with hook updates triggered by the table dormant flag. The vulnerability may allow an attacker to cause a denial of service.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
ALSA-2024:5928
ALSA-2025_16880
BDU:2024-09810
CESA-2024_5101
CESA-2024_5102
CVE-2024-35897
DLA-3842-1
INFSA-2024_5101
INFSA-2024_5102
INFSA-2024_5928
OESA-2024-1682
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
RHSA-2024:4823
RHSA-2024:4831
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024:5256
RHSA-2024:5257
RHSA-2024:5928
RHSA-2024_5101
RHSA-2024_5102
RHSA-2024_5928
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-6893-1
USN-6893-2
USN-6893-3
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6918-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu