Описание
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.
Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.
We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.
A use-after-free flaw was found in the Linux kernel’s nftables sub-component due to a race problem between the set GC and transaction in the Linux Kernel. This flaw allows a local attacker to crash the system due to a missing call to nft_set_elem_mark_busy, causing double deactivation of the element and possibly leading to a kernel information leak problem.
Отчет
Exploiting this flaw will require CAP_NET_ADMIN access privilege in any user or network namespace. And, On non-containerized deployments of Red Hat Enterprise Linux, you can disable user namespaces by setting user.max_user_namespaces to 0: $ echo "user.max_user_namespaces=0" > /etc/sysctl.d/userns.conf $ sysctl -p /etc/sysctl.d/userns.conf On containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.
Меры по смягчению последствий
Mitigation for this issue is to skip loading the affected module "nftables" onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2024:2950 | 22.05.2024 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:3138 | 22.05.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:1248 | 12.03.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2024:1248 | 12.03.2024 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | kernel | Fixed | RHSA-2024:3421 | 28.05.2024 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | kernel-rt | Fixed | RHSA-2024:3414 | 28.05.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.
Уязвимость компонента nf_tables операционной системы Linux, позволяющая нарушителю повысить свои привилегии
EPSS
7 High
CVSS3