CVE-2024-27395: net: openvswitch: Fix Use-After-Free in ovs_ct_exit
First published: Thu May 09 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.19.313 | 4.19.313 |
| redhat/kernel | <5.4.275 | 5.4.275 |
| redhat/kernel | <5.10.216 | 5.10.216 |
| redhat/kernel | <5.15.158 | 5.15.158 |
| redhat/kernel | <6.1.90 | 6.1.90 |
| redhat/kernel | <6.6.30 | 6.6.30 |
| redhat/kernel | <6.8.9 | 6.8.9 |
| redhat/kernel | <6.9 | 6.9 |
| debian/linux | 5.10.223-1 6.1.106-3 6.1.99-1 6.10.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/2db9a8c0a01fa1c762c1e61a13c212c492752994
- https://git.kernel.org/stable/c/35880c3fa6f8fe281a19975d2992644588ca33d3
- https://git.kernel.org/stable/c/589523cf0b384164e445dd5db8d5b1bf97982424
- https://git.kernel.org/stable/c/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2
- https://git.kernel.org/stable/c/9048616553c65e750d43846f225843ed745ec0d4
- https://git.kernel.org/stable/c/bca6fa2d9a9f560e6b89fd5190b05cc2f5d422c1
- https://git.kernel.org/stable/c/eaa5e164a2110d2fb9e16c8a29e4501882235137
- https://git.kernel.org/stable/c/edee0758747d7c219e29db9ed1d4eb33e8d32865
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://launchpad.net/bugs/cve/CVE-2024-27395
- https://access.redhat.com/security/cve/CVE-2024-27395
- https://lore.kernel.org/linux-cve-announce/2024050836-CVE-2024-27395-573e@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2280441
- https://access.redhat.com/errata/RHSA-2024:5102
- https://access.redhat.com/errata/RHSA-2024:5101
- https://bugzilla.redhat.com/show_bug.cgi?id=2280440
- https://git.kernel.org/linus/5ea7b72d4fac2fdbc0425cd8f2ea33abe95235b2
- https://security-tracker.debian.org/tracker/CVE-2024-27395
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27395
- https://nvd.nist.gov/vuln/detail/CVE-2024-27395
- https://ubuntu.com/security/CVE-2024-27395
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/remedy
- collector/nvd-cve
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/event
- agent/severity
- agent/description
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-27395
- agent/software-canonical-lookup
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- package-manager/redhat
- package-manager/debian