#VU91432 Race condition within a thread in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91432

Vulnerability risk: Low

CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27020

CWE-ID: CWE-366

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907
http://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5
http://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b
http://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773aebbeb7f
http://git.kernel.org/stable/c/f969eb84ce482331a991079ab7a5c4dc3b7f89bf
http://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a
http://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c
http://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 22.03 LTS SP3 update for kernel
openEuler 22.03 LTS SP1 update for kernel
openEuler 20.03 LTS SP4 update for kernel
Race condition within a thread in Linux kernel netfilter