Lucene search

K

GoogleOSV:CVE-2024-27017

HistoryMay 01, 2024 - 6:15 a.m.

CVE-2024-27017

2024-05-0106:15:00

Google

osv.dev

3

linux kernel

netfilter

nft_set_pipapo

netlink

vulnerability

update

patch

florian westphal

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

Low

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal.

References

git.kernel.org/linus/29b359cf6d95fd60730533f7f10464e95bd17c73

git.kernel.org/stable/c/29b359cf6d95fd60730533f7f10464e95bd17c73

git.kernel.org/stable/c/721715655c72640567e8742567520c99801148ed

ubuntu.com/security/CVE-2024-27017

ubuntu.com/security/notices/USN-6893-1

ubuntu.com/security/notices/USN-6893-2

ubuntu.com/security/notices/USN-6893-3

ubuntu.com/security/notices/USN-6918-1

ubuntu.com/security/notices/USN-6923-1

ubuntu.com/security/notices/USN-6923-2

ubuntu.com/security/notices/USN-6927-1

www.cve.org/CVERecord?id=CVE-2024-27017

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.5

Confidence

Low

Related for OSV:CVE-2024-27017

cvelist1 redhatcve1 nvd1 vulnrichment1 ubuntucve1 cve1 debiancve1 osv10 openvas17 nessus17 ubuntu9 fedora3