发布于3月6日3月6日 Members VMware Photon OS: CVE-2024-35898 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/19/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable(). And thhere is not any protection when iterate over nf_tables_flowtables list in __nft_flowtable_type_get(). Therefore, there is pertential data-race of nf_tables_flowtables list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller nft_flowtable_type_get() to protect the entire type query process. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-35898 CVE - 2024-35898
