CVE-2024-27012: Missing Release of Memory after Effective Lifetime in Linux

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 99.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 1; Latest update Nov 19

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: restore set elements when delete set fails

From abort path, nft_mapelem_activate() needs to restore refcounters to the original state. Currently, it uses the set->ops->walk() to iterate over these set elements. The existing set iterator skips inactive elements in the next generation, this does not work from the abort path to restore the original state since it has to skip active elements instead (not inac

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: linux/linux_kernel 6.4 6.8.8 +1
Debian: linux/linux_kernel < 6.8.9-1 +1
CVEListV5: linux/linux 628bd3e49cba1c066228e23d71a852c23e26da73 86658fc7414d4b9e25c2699d751034537503d637 +8

Also affects: Fedora 38, 39, 40

Patches

🔴 Vulnerability Details (11)

OSV: linux-azure-fde vulnerabilities (2024-10-31)
OSV: linux-raspi-5.4 vulnerabilities (2024-10-10)
OSV: linux-azure-fde-5.15 vulnerabilities (2024-10-03)
OSV: linux-raspi vulnerabilities (2024-10-01)
OSV: linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities (2024-09-26)

📋 Vendor Advisories (16)

Ubuntu: Linux kernel (IoT) vulnerabilities (2024-11-19)
Ubuntu: Linux kernel vulnerabilities (2024-10-31)
Ubuntu: Linux kernel vulnerabilities (2024-10-10)
Ubuntu: Linux kernel vulnerabilities (2024-10-03)
Ubuntu: Linux kernel vulnerabilities (2024-10-01)

💬 Community (1)

Bugzilla: CVE-2024-27012 kernel: netfilter: nf_tables: restore set elements when delete set fails (2024-05-01)