gsd-2024-26910
Vulnerability from gsd
Modified
2024-02-20 06:02
Details
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: fix performance regression in swap operation
The patch "netfilter: ipset: fix race condition between swap/destroy
and kernel side add/del/test", commit 28628fa9 fixes a race condition.
But the synchronize_rcu() added to the swap function unnecessarily slows
it down: it can safely be moved to destroy and use call_rcu() instead.
Eric Dumazet pointed out that simply calling the destroy functions as
rcu callback does not work: sets with timeout use garbage collectors
which need cancelling at destroy which can wait. Therefore the destroy
functions are split into two: cancelling garbage collectors safely at
executing the command received by netlink and moving the remaining
part only into the rcu callback.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-26910"
],
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: fix performance regression in swap operation\n\nThe patch \"netfilter: ipset: fix race condition between swap/destroy\nand kernel side add/del/test\", commit 28628fa9 fixes a race condition.\nBut the synchronize_rcu() added to the swap function unnecessarily slows\nit down: it can safely be moved to destroy and use call_rcu() instead.\n\nEric Dumazet pointed out that simply calling the destroy functions as\nrcu callback does not work: sets with timeout use garbage collectors\nwhich need cancelling at destroy which can wait. Therefore the destroy\nfunctions are split into two: cancelling garbage collectors safely at\nexecuting the command received by netlink and moving the remaining\npart only into the rcu callback.",
"id": "GSD-2024-26910",
"modified": "2024-02-20T06:02:29.098250Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@kernel.org",
"ID": "CVE-2024-26910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "427deb5ba566",
"version_value": "c7f2733e5011"
},
{
"version_affected": "\u003c",
"version_name": "e7152a138a5a",
"version_value": "a24d5f2ac8ef"
},
{
"version_affected": "\u003c",
"version_name": "8bb930c3a1ea",
"version_value": "c2dc077d8f72"
},
{
"version_affected": "\u003c",
"version_name": "875ee3a09e27",
"version_value": "653bc5e6d999"
},
{
"version_affected": "\u003c",
"version_name": "23c31036f862",
"version_value": "b93a6756a01f"
},
{
"version_affected": "\u003c",
"version_name": "28628fa952fe",
"version_value": "970709a67696"
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: fix performance regression in swap operation\n\nThe patch \"netfilter: ipset: fix race condition between swap/destroy\nand kernel side add/del/test\", commit 28628fa9 fixes a race condition.\nBut the synchronize_rcu() added to the swap function unnecessarily slows\nit down: it can safely be moved to destroy and use call_rcu() instead.\n\nEric Dumazet pointed out that simply calling the destroy functions as\nrcu callback does not work: sets with timeout use garbage collectors\nwhich need cancelling at destroy which can wait. Therefore the destroy\nfunctions are split into two: cancelling garbage collectors safely at\nexecuting the command received by netlink and moving the remaining\npart only into the rcu callback."
}
]
},
"generator": {
"engine": "bippy-d175d3acf727"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225"
},
{
"name": "https://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05"
},
{
"name": "https://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49"
},
{
"name": "https://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c"
},
{
"name": "https://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397"
},
{
"name": "https://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb"
},
{
"name": "https://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001",
"refsource": "MISC",
"url": "https://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: fix performance regression in swap operation\n\nThe patch \"netfilter: ipset: fix race condition between swap/destroy\nand kernel side add/del/test\", commit 28628fa9 fixes a race condition.\nBut the synchronize_rcu() added to the swap function unnecessarily slows\nit down: it can safely be moved to destroy and use call_rcu() instead.\n\nEric Dumazet pointed out that simply calling the destroy functions as\nrcu callback does not work: sets with timeout use garbage collectors\nwhich need cancelling at destroy which can wait. Therefore the destroy\nfunctions are split into two: cancelling garbage collectors safely at\nexecuting the command received by netlink and moving the remaining\npart only into the rcu callback."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: ipset: corrige la regresi\u00f3n de rendimiento en la operaci\u00f3n de intercambio El parche \"netfilter: ipset: corrige la condici\u00f3n de ejecuci\u00f3n entre swap/destroy y add/del/test del lado del kernel\", commit 28628fa9 corrige un condici\u00f3n de ejecuci\u00f3n. Pero elsync_rcu() agregado a la funci\u00f3n swap la ralentiza innecesariamente: se puede mover con seguridad para destruir y usar call_rcu() en su lugar. Eric Dumazet se\u00f1al\u00f3 que simplemente llamar a las funciones de destrucci\u00f3n como devoluci\u00f3n de llamada de rcu no funciona: los conjuntos con tiempo de espera usan recolectores de basura que necesitan cancelarse en la destrucci\u00f3n y que pueden esperar. Por lo tanto, las funciones de destrucci\u00f3n se dividen en dos: cancelar los recolectores de basura de forma segura al ejecutar el comando recibido por netlink y mover la parte restante solo a la devoluci\u00f3n de llamada de rcu."
}
],
"id": "CVE-2024-26910",
"lastModified": "2024-04-17T16:51:07.347",
"metrics": {},
"published": "2024-04-17T16:15:07.860",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
Loading...