Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveLinuxCVE-2024-27395
HistoryMay 14, 2024 - 3:12 p.m.

CVE-2024-27395

2024-05-1415:12:27
Linux
web.nvd.nist.gov
1582
linux kernel
cve-2024-27395
net
openvswitch
fix use-after-free
ovs_ct_exit
hlist_for_each_entry_safe
vulnerability
nvd

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

13.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

net: openvswitch: Fix Use-After-Free in ovs_ct_exit

Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal
of ovs_ct_limit_exit, is not part of the RCU read critical section, it
is possible that the RCU grace period will pass during the traversal and
the key will be free.

To prevent this, it should be changed to hlist_for_each_entry_safe.

Affected configurations

Vulners
Node
linuxlinux_kernelRange4.184.19.313
OR
linuxlinux_kernelRange4.20.05.4.275
OR
linuxlinux_kernelRange5.5.05.10.216
OR
linuxlinux_kernelRange5.11.05.15.158
OR
linuxlinux_kernelRange5.16.06.1.90
OR
linuxlinux_kernelRange6.2.06.6.30
OR
linuxlinux_kernelRange6.7.06.8.9
OR
linuxlinux_kernelRange6.9.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/openvswitch/conntrack.c"
    ],
    "versions": [
      {
        "version": "11efd5cb04a1",
        "lessThan": "2db9a8c0a01f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "11efd5cb04a1",
        "lessThan": "589523cf0b38",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "11efd5cb04a1",
        "lessThan": "35880c3fa6f8",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "11efd5cb04a1",
        "lessThan": "9048616553c6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "11efd5cb04a1",
        "lessThan": "bca6fa2d9a9f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "11efd5cb04a1",
        "lessThan": "eaa5e164a211",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "11efd5cb04a1",
        "lessThan": "edee0758747d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "11efd5cb04a1",
        "lessThan": "5ea7b72d4fac",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/openvswitch/conntrack.c"
    ],
    "versions": [
      {
        "version": "4.18",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.18",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.313",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.275",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.216",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.158",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.90",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.30",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8.9",
        "lessThanOrEqual": "6.8.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

osv 26
ubuntucve 1
nvd 1
cbl_mariner 1
debiancve 1
cvelist 1
redhatcve 1
vulnrichment 1
nessus 47
photon 2
openvas 33
ubuntu 16
rocky 3
redhat 6
oraclelinux 1
mageia 2
osv
osv
CVE-2024-27395
2024-05-14 15:12:00
linux-hwe-5.4, linux-oracle-5.4 vulnerabilities
2024-07-16 11:47:17
linux-aws-5.15 vulnerabilities
2024-07-23 09:43:14
ubuntucve
ubuntucve
CVE-2024-27395
2024-05-14 00:00:00
nvd
nvd
CVE-2024-27395
2024-05-14 15:12:27
cbl_mariner
cbl_mariner
CVE-2024-27395 affecting package hyperv-daemons for versions less than 6.6.35.1-1
2024-07-23 02:21:02
debiancve
debiancve
CVE-2024-27395
2024-05-14 15:12:27
cvelist
cvelist
CVE-2024-27395 net: openvswitch: Fix Use-After-Free in ovs_ct_exit
2024-05-09 16:37:15
redhatcve
redhatcve
CVE-2024-27395
2024-05-14 23:56:25
vulnrichment
vulnrichment
CVE-2024-27395 net: openvswitch: Fix Use-After-Free in ovs_ct_exit
2024-05-09 16:37:15
nessus
nessus
Photon OS 3.0: Linux PHSA-2024-3.0-0760
2024-07-24 00:00:00
Photon OS 5.0: Linux PHSA-2024-5.0-0274
2024-07-24 00:00:00
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-695)
2024-08-06 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-3.0-0760
2024-05-23 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0274
2024-05-18 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-2352)
2024-09-10 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1887)
2024-07-16 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-2140)
2024-08-20 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2024-07-19 00:00:00
Linux kernel vulnerabilities
2024-07-17 00:00:00
Linux kernel vulnerabilities
2024-07-17 00:00:00
rocky
rocky
kernel-rt security update
2024-08-21 14:52:36
kernel security update
2024-09-17 00:57:33
kernel security update
2024-08-21 14:52:19
redhat
redhat
(RHSA-2024:5102) Important: kernel-rt security update
2024-08-08 04:34:36
(RHSA-2024:5432) Moderate: OpenShift Container Platform 4.14.35 security update
2024-08-21 21:38:55
(RHSA-2024:5438) Moderate: OpenShift Container Platform 4.15.28 packages and security update
2024-08-21 03:33:53
oraclelinux
oraclelinux
kernel security update
2024-08-08 00:00:00
mageia
mageia
Updated kernel kmod-xtables-addons kmod-virtualbox dwarves packages fix security vulnerabilities
2024-07-13 10:54:44
Updated kernel-linus packages fix security vulnerabilities
2024-07-14 08:23:38

AI Score

6.5

Confidence

Low

EPSS

0

Percentile

13.0%

JSON
Related for CVE-2024-27395
osv26ubuntucve1nvd1cbl_mariner1debiancve1cvelist1redhatcve1vulnrichment1nessus47photon2openvas33ubuntu16rocky3redhat6oraclelinux1mageia2