CVE-2024-26809

2024-04-0400:00:00

ubuntu.com

linux kernel

netfilter

nft_set_pipapo

vulnerability

element release

AI Score

7.5

Confidence

High

EPSS

Percentile

10.3%

JSON

In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: release elements in clone only from destroy path
Clone already always provides a current view of the lookup table, use it to
destroy the set, otherwise it is possible to destroy elements twice. This
fix requires: 212ed75dc5fb (“netfilter: nf_tables: integrate pipapo into
commit protocol”) which came after: 9827a0e6e23b (“netfilter:
nft_set_pipapo: release elements in clone from abort path”).

Notes

Author	Note
	Priority reason: Reported by Google kCTF

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux-hwe-5.15< 5.15.0-113.123~20.04.1UNKNOWN
ubuntu22.04noarchlinux-hwe-6.5< 6.5.0-44.44~22.04.1UNKNOWN
ubuntu22.04noarchlinux-kvm< 5.15.0-1060.65UNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1063.69~20.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.5< 6.5.0-1022.22~22.04.1UNKNOWN
ubuntu24.04noarchlinux-azure< 6.8.0-1008.8UNKNOWN
ubuntu22.04noarchlinux-azure< 5.15.0-1066.75UNKNOWN
ubuntu23.10noarchlinux-azure< 6.5.0-1023.24UNKNOWN
ubuntu20.04noarchlinux-azure-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-azure-6.5< 6.5.0-1023.24~22.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux-hwe-5.15	< 5.15.0-113.123~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-hwe-6.5	< 6.5.0-44.44~22.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-kvm	< 5.15.0-1060.65	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1063.69~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< 6.5.0-1022.22~22.04.1	UNKNOWN
ubuntu	24.04	noarch	linux-azure	< 6.8.0-1008.8	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< 5.15.0-1066.75	UNKNOWN
ubuntu	23.10	noarch	linux-azure	< 6.5.0-1023.24	UNKNOWN
ubuntu	20.04	noarch	linux-azure-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure-6.5	< 6.5.0-1023.24~22.04.1	UNKNOWN