Huawei EulerOS: CVE-2024-35898: kernel security update

Huawei EulerOS: CVE-2024-35898: kernel security update

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

05/19/2024

Created

12/13/2024

Added

12/12/2024

Modified

12/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable(). And thhere is not any protection when iterate over nf_tables_flowtables list in __nft_flowtable_type_get(). Therefore, there is pertential data-race of nf_tables_flowtables list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller nft_flowtable_type_get() to protect the entire type query process.

Solution(s)

• huawei-euleros-2_0_sp12-upgrade-bpftool
• huawei-euleros-2_0_sp12-upgrade-kernel
• huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists
• huawei-euleros-2_0_sp12-upgrade-kernel-tools
• huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs
• huawei-euleros-2_0_sp12-upgrade-python3-perf

References

• https://attackerkb.com/topics/cve-2024-35898
• CVE - 2024-35898
• EulerOS-SA-2024-2953