In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: discard table flag update with pending basechain deletion
Hook unregistration is deferred to the commit phase, and the same is true of hook updates triggered by the table dormant flag. When both commands are combined, the basechain is deleted while its hook is still registered in the core. As the title states, the fix discards a table flag update when a basechain deletion is pending.
{ "vanir_signatures": [ { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e75faf01e22ec7dc671640fa0e0968964fafd2fc", "signature_type": "Function", "target": { "function": "nf_tables_updtable", "file": "net/netfilter/nf_tables_api.c" }, "deprecated": false, "digest": { "length": 1269.0, "function_hash": "200118119506089246002346976959406094279" }, "id": "CVE-2024-35897-2ec6c628" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7f609f630951b624348373cef99991ce08831927", "signature_type": "Line", "target": { "file": "net/netfilter/nf_tables_api.c" }, "deprecated": false, "digest": { "line_hashes": [ "276572251374236697611766878644263053904", "279015079310043090089699649073205786727", "199468809431570118733236461484276989262", "74758580158425414968408415063075440985", "40677920217058300717385167036440977021", "45164211032749188391070560322481741461", "101082023027876618446207836916864320122" ], "threshold": 0.9 }, "id": "CVE-2024-35897-50325341" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9627fd0c6ea1c446741a33e67bc5709c59923827", "signature_type": "Line", "target": { "file": "net/netfilter/nf_tables_api.c" }, "deprecated": false, "digest": { "line_hashes": [ "276572251374236697611766878644263053904", "279015079310043090089699649073205786727", "199468809431570118733236461484276989262", "74758580158425414968408415063075440985", "40677920217058300717385167036440977021", "45164211032749188391070560322481741461", "101082023027876618446207836916864320122" ], "threshold": 0.9 }, "id": "CVE-2024-35897-67d726a4" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9627fd0c6ea1c446741a33e67bc5709c59923827", "signature_type": "Function", "target": { "function": "nft_table_pending_update", "file": "net/netfilter/nf_tables_api.c" }, "deprecated": 
false, "digest": { "length": 412.0, "function_hash": "58952933623480814377349685241589579750" }, "id": "CVE-2024-35897-6d2b31d9" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7f609f630951b624348373cef99991ce08831927", "signature_type": "Function", "target": { "function": "nft_table_pending_update", "file": "net/netfilter/nf_tables_api.c" }, "deprecated": false, "digest": { "length": 412.0, "function_hash": "58952933623480814377349685241589579750" }, "id": "CVE-2024-35897-6f1b5425" }, { "signature_version": "v1", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e75faf01e22ec7dc671640fa0e0968964fafd2fc", "signature_type": "Line", "target": { "file": "net/netfilter/nf_tables_api.c" }, "deprecated": false, "digest": { "line_hashes": [ "35311826816597106133442782214868084942", "34701524642368134665322467508813609518", "188346904831505778286957026319124305876", "209469950131666019495749062639501981316", "195275115717856666373091524111276639069", "34331255205669014992465536504824222002", "187053218098283472138317772181908485066" ], "threshold": 0.9 }, "id": "CVE-2024-35897-9cbe8783" } ] }