CVE-2024-36286

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36286
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted net/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.4/13427: #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471 #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172 stack backtrace: CPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712 nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline] nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397 nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline] instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471 handle_softirqs+0x2d6/0x990 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 </IRQ> <TASK>

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a Patch
https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4 Patch
https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256 Patch
https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5 Patch
https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9 Patch
https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718 Patch
https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec Patch
https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab Patch
https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a Patch
https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4 Patch
https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256 Patch
https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5 Patch
https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9 Patch
https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718 Patch
https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec Patch
https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
History

07 Jan 2025, 17:08

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*
First Time Linux
Linux linux Kernel
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5
CWE NVD-CWE-noinfo
References () https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a - () https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a - Patch
References () https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4 - () https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4 - Patch
References () https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256 - () https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256 - Patch
References () https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5 - () https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5 - Patch
References () https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9 - () https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9 - Patch
References () https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718 - () https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718 - Patch
References () https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec - () https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec - Patch
References () https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab - () https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab - Patch

21 Nov 2024, 09:21

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a - () https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a -
References () https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4 - () https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4 -
References () https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256 - () https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256 -
References () https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5 - () https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5 -
References () https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9 - () https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9 -
References () https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718 - () https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718 -
References () https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec - () https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec -
References () https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab - () https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab -

15 Jul 2024, 07:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html', 'source': '416baaa9-dc9f-4396-8d5f-8c081fb06d67'}

27 Jun 2024, 12:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html -
Summary
  • (es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nfnetlink_queue: adquirir rcu_read_lock() en instancia_destroy_rcu() syzbot informó que se podía llamar a nf_reinject() sin rcu_read_lock() : ADVERTENCIA: uso sospechoso de RCU 6.9.0-rc7-syzkaller -02060-g5c1672705a1a #0 ¡No está contaminado net/netfilter/nfnetlink_queue.c:263 uso sospechoso de rcu_dereference_check()! otra información que podría ayudarnos a depurar esto: rcu_scheduler_active = 2, debug_locks = 1 2 bloqueos mantenidos por syz-executor.4/13427: #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, en: rcu_lock_acquire include/linux/rcupdate.h:329 [en línea] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, en: rcu_do_batch kernel/rcu/tree.c:2190 [en línea] #0 : ffffffff8e334f60 (rcu_callback){....}-{0:0}, en: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471 #1: ffff88801ca92958 (&amp;inst-&gt;lock){+.-.} -{2:2}, en: spin_lock_bh include/linux/spinlock.h:356 [en línea] #1: ffff88801ca92958 (&amp;inst-&gt;lock){+.-.}-{2:2}, en: nfqnl_flush net/ netfilter/nfnetlink_queue.c:405 [en línea] #1: ffff88801ca92958 (&amp;inst-&gt;lock){+.-.}-{2:2}, en: instancia_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172 pila backtrace: CPU: 0 PID: 13427 Comm: syz-executor.4 No contaminado 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Llamada de Google 02/04/2024 Trace: __dump_stack lib/dump_stack.c: 88 [en línea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c: 114 Lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c: 6712 nf_filt. C :323 [en línea] nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397 nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [en línea] instancia_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172 do_batch kernel/rcu /tree.c:2196 [en línea] rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471 handle_softirqs+0x2d6/0x990 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [en línea] invoke_softirq kernel/softirq .c:428 [en línea] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [en línea] r_interrupción+ 0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043

21 Jun 2024, 11:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-21 11:15

Updated : 2025-01-07 17:08

NVD link : CVE-2024-36286

Mitre link : CVE-2024-36286

CVE.ORG link : CVE-2024-36286

JSON object : View

Products Affected

linux

  • linux_kernel
CWE
NVD-CWE-noinfo