Assigner | Linux |
Reserved | 2024-02-19 |
Published | 2024-04-04 |
Updated | 2024-05-29 |
Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: release elements in clone only from destroy path

Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice.

This fix requires:

212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")

which came after:

9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").
Product status
4a6430b99f67 before b36b83297ff4
5ccecafc728b before 362508506bf5
9827a0e6e23b before 5ad233dc731a
9827a0e6e23b before ff9005077141
9827a0e6e23b before 821e28d5b506
9827a0e6e23b before 9384b4d85c46
9827a0e6e23b before b0e256f3dd2b
5.19
Any version before 5.19
5.10.214
5.15.153
6.1.83
6.6.23
6.7.11
6.8.2
6.9
References
https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144
https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c
https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af
https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2
https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b
https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2
https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html