CVE-2024-26834

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26834
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26834.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-26834
Downstream
Published
2024-04-17T10:10:02Z
Modified
2025-10-21T19:23:11.140782Z
Summary
netfilter: nft_flow_offload: release dst in case direct xmit path is used
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftflowoffload: release dst in case direct xmit path is used

Direct xmit does not use it since it calls devqueuexmit() to send packets, hence it calls dst_release().

kmemleak reports:

unreferenced object 0xffff88814f440900 (size 184): comm "softirq", pid 0, jiffies 4294951896 hex dump (first 32 bytes): 00 60 5b 04 81 88 ff ff 00 e6 e8 82 ff ff ff ff .`[............. 21 0b 50 82 ff ff ff ff 00 00 00 00 00 00 00 00 !.P............. backtrace (crc cb2bf5d6): [<000000003ee17107>] kmemcachealloc+0x286/0x340 [<0000000021a5de2c>] dstalloc+0x43/0xb0 [<00000000f0671159>] rtdstalloc+0x2e/0x190 [<00000000fe5092c9>] _mkrouteoutput+0x244/0x980 [<000000005fb96fb0>] iprouteoutputflow+0xc0/0x160 [<0000000045367433>] nfiproute+0xf/0x30 [<0000000085da1d8e>] nfroute+0x2d/0x60 [<00000000d1ecd1cb>] nftflowroute+0x171/0x6a0 [nftflowoffload] [<00000000d9b2fb60>] nftflowoffloadeval+0x4e8/0x700 [nftflowoffload] [<000000009f447dbb>] exprcallopseval+0x53/0x330 [nftables] [<00000000072e1be6>] nftdochain+0x17c/0x840 [nftables] [<00000000d0551029>] nftdochaininet+0xa1/0x210 [nftables] [<0000000097c9d5c6>] nfhookslow+0x5b/0x160 [<0000000005eccab1>] ipforward+0x8b6/0x9b0 [<00000000553a269b>] iprcv+0x221/0x230 [<00000000412872e5>] _netifreceiveskbonecore+0xfe/0x110

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7c71b831220edeab7ce603d818dc1708d9ea4137
Fixed
13b57b5cd591d5b22f9bbf047b2922967de411f3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9c5662e95a8dcc232c3ef4deb21033badcd260f6
Fixed
a6cafdb49a7bbf4a88367db209703eee6941e023
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fa502c86566680ac62bc28ec883a069bf7a2aa5e
Fixed
9256ab9232e35a16af9c30fa4e522e6d1bd3605a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fa502c86566680ac62bc28ec883a069bf7a2aa5e
Fixed
2d17cf10179a7de6d8f0128168b84ad0b4a1863f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fa502c86566680ac62bc28ec883a069bf7a2aa5e
Fixed
8762785f459be1cfe6fcf7285c123aad6a3703f0

Affected versions

v6.*

v6.4
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
v6.7.3
v6.7.4
v6.7.5
v6.7.6
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.5.0
Fixed
6.6.19
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.7