CVE-2024-27403

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-27403

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27403.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-27403

Downstream

BELL-CVE-2024-27403

DEBIAN-CVE-2024-27403

OESA-2024-1677

OESA-2024-1678

OESA-2024-1682

OESA-2024-2295

RHSA-2024:4106

RHSA-2024:4108

RHSA-2024:5256

RHSA-2024:5257

RHSA-2024:8162

SUSE-SU-2024:3190-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:3483-1

UBUNTU-CVE-2024-27403

USN-6820-1

USN-6820-2

USN-6821-1

USN-6821-2

USN-6821-3

USN-6821-4

USN-6828-1

USN-6871-1

USN-6892-1

USN-6919-1

Related

Published

2024-05-17T12:15:10Z

Modified

2025-09-18T17:28:55Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftflowoffload: reset dst in route object after setting up flow

dst is transferred to the flow object, route object does not own it anymore. Reset dst in route object, otherwise if flowoffloadadd() fails, error path releases dst twice, leading to a refcount underflow.

References

Affected packages