CVE-2024-27403

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-27403
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27403.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-27403
Downstream
Related
Published
2024-05-17T12:15:10Z
Modified
2025-09-18T17:28:55Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftflowoffload: reset dst in route object after setting up flow

dst is transferred to the flow object, route object does not own it anymore. Reset dst in route object, otherwise if flowoffloadadd() fails, error path releases dst twice, leading to a refcount underflow.

References

Affected packages