CVE-2024-40993

MEDIUM EPSS 19.3%
Published Jul 12, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 12, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcu_dereference_protected() When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in ip_set_dereference() (nfnetlink mutex is held), but the former was not. The patch adds the required check to rcu_dereference_protected() in ip_set_dereference().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
19.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel6.1.95any
linuxlinux_kernel6.6.35any
linuxlinux_kernel6.9.6any
linuxlinux_kernel6.10any

References 9

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-265688.html
  • git.kernel.org https://git.kernel.org/stable/c/3799d02ae4208af08e81310770d8754863a246a1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3fc09e1ca854bc234e007a56e0f7431f5e2defb5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/523bed6489e089dd8040e72453fb79da47b144c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72d9611968867cc4c5509e7708b1507d692b797a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/788d585e62f487bc4536d454937f737b70d39a33
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ecd06277a7664f4ef018abae3abd3451d64e7a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94dd411c18d7fff9e411555d5c662d29416501e4
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/3799d02ae4208af08e81310770d8754863a246a1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3fc09e1ca854bc234e007a56e0f7431f5e2defb5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/523bed6489e089dd8040e72453fb79da47b144c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72d9611968867cc4c5509e7708b1507d692b797a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/788d585e62f487bc4536d454937f737b70d39a33
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ecd06277a7664f4ef018abae3abd3451d64e7a6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/94dd411c18d7fff9e411555d5c662d29416501e4
    Patch