cve-2024-36286
Vulnerability from cvelistv5
Published
2024-06-21 10:18
Modified
2024-11-05 09:27
Severity ?
Summary
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:04.735Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36286",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:09:34.720987Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:45.892Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nfnetlink_queue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8658bd777cbf",
              "status": "affected",
              "version": "9872bec773c2",
              "versionType": "git"
            },
            {
              "lessThan": "3989b817857f",
              "status": "affected",
              "version": "9872bec773c2",
              "versionType": "git"
            },
            {
              "lessThan": "e01065b339e3",
              "status": "affected",
              "version": "9872bec773c2",
              "versionType": "git"
            },
            {
              "lessThan": "25ea5377e3d2",
              "status": "affected",
              "version": "9872bec773c2",
              "versionType": "git"
            },
            {
              "lessThan": "68f40354a385",
              "status": "affected",
              "version": "9872bec773c2",
              "versionType": "git"
            },
            {
              "lessThan": "8f365564af89",
              "status": "affected",
              "version": "9872bec773c2",
              "versionType": "git"
            },
            {
              "lessThan": "215df6490e20",
              "status": "affected",
              "version": "9872bec773c2",
              "versionType": "git"
            },
            {
              "lessThan": "dc21c6cc3d69",
              "status": "affected",
              "version": "9872bec773c2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nfnetlink_queue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()\n\nsyzbot reported that nf_reinject() could be called without rcu_read_lock() :\n\nWARNING: suspicious RCU usage\n6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted\n\nnet/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by syz-executor.4/13427:\n  #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]\n  #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]\n  #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471\n  #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n  #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]\n  #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172\n\nstack backtrace:\nCPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nCall Trace:\n \u003cIRQ\u003e\n  __dump_stack lib/dump_stack.c:88 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n  lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n  nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]\n  nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397\n  nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]\n  instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172\n  rcu_do_batch kernel/rcu/tree.c:2196 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471\n  handle_softirqs+0x2d6/0x990 kernel/softirq.c:554\n  __do_softirq kernel/softirq.c:588 [inline]\n  invoke_softirq kernel/softirq.c:428 [inline]\n  __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637\n  irq_exit_rcu+0x9/0x30 kernel/softirq.c:649\n  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n  sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \u003c/IRQ\u003e\n \u003cTASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:27:13.912Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256"
        },
        {
          "url": "https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4"
        },
        {
          "url": "https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718"
        },
        {
          "url": "https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec"
        }
      ],
      "title": "netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36286",
    "datePublished": "2024-06-21T10:18:08.364Z",
    "dateReserved": "2024-06-21T10:13:16.315Z",
    "dateUpdated": "2024-11-05T09:27:13.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-36286\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-21T11:15:10.277\",\"lastModified\":\"2024-07-15T07:15:05.140\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()\\n\\nsyzbot reported that nf_reinject() could be called without rcu_read_lock() :\\n\\nWARNING: suspicious RCU usage\\n6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted\\n\\nnet/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!\\n\\nother info that might help us debug this:\\n\\nrcu_scheduler_active = 2, debug_locks = 1\\n2 locks held by syz-executor.4/13427:\\n  #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]\\n  #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]\\n  #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471\\n  #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\\n  #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]\\n  #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172\\n\\nstack backtrace:\\nCPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\\nCall Trace:\\n \u003cIRQ\u003e\\n  __dump_stack lib/dump_stack.c:88 [inline]\\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\\n  lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\\n  nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]\\n  nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397\\n  nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]\\n  instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172\\n  rcu_do_batch kernel/rcu/tree.c:2196 [inline]\\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471\\n  handle_softirqs+0x2d6/0x990 kernel/softirq.c:554\\n  __do_softirq kernel/softirq.c:588 [inline]\\n  invoke_softirq kernel/softirq.c:428 [inline]\\n  __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637\\n  irq_exit_rcu+0x9/0x30 kernel/softirq.c:649\\n  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\\n  sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\\n \u003c/IRQ\u003e\\n \u003cTASK\u003e\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: nfnetlink_queue: adquirir rcu_read_lock() en instancia_destroy_rcu() syzbot inform\u00f3 que se pod\u00eda llamar a nf_reinject() sin rcu_read_lock() : ADVERTENCIA: uso sospechoso de RCU 6.9.0-rc7-syzkaller -02060-g5c1672705a1a #0 \u00a1No est\u00e1 contaminado net/netfilter/nfnetlink_queue.c:263 uso sospechoso de rcu_dereference_check()! otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: rcu_scheduler_active = 2, debug_locks = 1 2 bloqueos mantenidos por syz-executor.4/13427: #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, en: rcu_lock_acquire include/linux/rcupdate.h:329 [en l\u00ednea] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, en: rcu_do_batch kernel/rcu/tree.c:2190 [en l\u00ednea] #0 : ffffffff8e334f60 (rcu_callback){....}-{0:0}, en: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471 #1: ffff88801ca92958 (\u0026amp;inst-\u0026gt;lock){+.-.} -{2:2}, en: spin_lock_bh include/linux/spinlock.h:356 [en l\u00ednea] #1: ffff88801ca92958 (\u0026amp;inst-\u0026gt;lock){+.-.}-{2:2}, en: nfqnl_flush net/ netfilter/nfnetlink_queue.c:405 [en l\u00ednea] #1: ffff88801ca92958 (\u0026amp;inst-\u0026gt;lock){+.-.}-{2:2}, en: instancia_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172 pila backtrace: CPU: 0 PID: 13427 Comm: syz-executor.4 No contaminado 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Llamada de Google 02/04/2024 Trace:  __dump_stack lib/dump_stack.c: 88 [en l\u00ednea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c: 114 Lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c: 6712 nf_filt. C :323 [en l\u00ednea] nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397 nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [en l\u00ednea] instancia_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172 do_batch kernel/rcu /tree.c:2196 [en l\u00ednea] rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471 handle_softirqs+0x2d6/0x990 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [en l\u00ednea] invoke_softirq kernel/softirq .c:428 [en l\u00ednea] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [en l\u00ednea] r_interrupci\u00f3n+ 0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043  \"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.