CVE-2024-42270
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-42270
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42270.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-42270
- Downstream
- Related
- Published
- 2024-08-17T08:54:25Z
- Modified
- 2025-10-15T14:01:19.264667Z
- Summary
- netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netfilter: iptables: Fix null-ptr-deref in iptablenattable_init().
We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. [0]
The problem is that iptablenattable_init() is exposed to user space before the kernel fully initialises netns.
In the small race window, a user could call iptablenattableinit() that accesses netgeneric(net, iptablenatnetid), which is available only after registering iptablenatnetops.
Let's call registerpernetsubsys() before xtregistertemplate().
Started bpfilter BUG: kernel NULL pointer dereference, address: 0000000000000013 PF: supervisor write access in kernel mode PF: errorcode(0x0002) - not-present page PGD 0 P4D 0 PREEMPT SMP NOPTI CPU: 2 PID: 11879 Comm: iptables-restor Not tainted 6.1.92-99.174.amzn2023.x8664 #1 Hardware name: Amazon EC2 c6i.4xlarge/, BIOS 1.0 10/16/2017 RIP: 0010:iptablenattableinit (net/ipv4/netfilter/iptablenat.c:87 net/ipv4/netfilter/iptablenat.c:121) iptablenat Code: 10 4c 89 f6 48 89 ef e8 0b 19 bb ff 41 89 c4 85 c0 75 38 41 83 c7 01 49 83 c6 28 41 83 ff 04 75 dc 48 8b 44 24 08 48 8b 0c 24 <48> 89 08 4c 89 ef e8 a2 3b a2 cf 48 83 c4 10 44 89 e0 5b 5d 41 5c RSP: 0018:ffffbef902843cd0 EFLAGS: 00010246 RAX: 0000000000000013 RBX: ffff9f4b052caa20 RCX: ffff9f4b20988d80 RDX: 0000000000000000 RSI: 0000000000000064 RDI: ffffffffc04201c0 RBP: ffff9f4b29394000 R08: ffff9f4b07f77258 R09: ffff9f4b07f77240 R10: 0000000000000000 R11: ffff9f4b09635388 R12: 0000000000000000 R13: ffff9f4b1a3c6c00 R14: ffff9f4b20988e20 R15: 0000000000000004 FS: 00007f6284340000(0000) GS:ffff9f51fe280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000013 CR3: 00000001d10a6005 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? showtraceloglvl (arch/x86/kernel/dumpstack.c:259) ? showtraceloglvl (arch/x86/kernel/dumpstack.c:259) ? xtfindtablelock (net/netfilter/xtables.c:1259) ? _diebody.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420) ? pagefaultoops (arch/x86/mm/fault.c:727) ? excpagefault (./arch/x86/include/asm/irqflags.h:40 ./arch/x86/include/asm/irqflags.h:75 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518) ? asmexcpagefault (./arch/x86/include/asm/idtentry.h:570) ? iptablenattableinit (net/ipv4/netfilter/iptablenat.c:87 net/ipv4/netfilter/iptablenat.c:121) iptablenat xtfindtablelock (net/netfilter/xtables.c:1259) xtrequestfindtablelock (net/netfilter/xtables.c:1287) getinfo (net/ipv4/netfilter/iptables.c:965) ? securitycapable (security/security.c:809 (discriminator 13)) ? nscapable (kernel/capability.c:376 kernel/capability.c:397) ? doiptgetctl (net/ipv4/netfilter/iptables.c:1656) ? bpfiltersendreq (net/bpfilter/bpfilterkern.c:52) bpfilter nfgetsockopt (net/netfilter/nfsockopt.c:116) ipgetsockopt (net/ipv4/ipsockglue.c:1827) _sysgetsockopt (net/socket.c:2327) _x64sysgetsockopt (net/socket.c:2342 net/socket.c:2339 net/socket.c:2339) dosyscall64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:81) entrySYSCALL64afterhwframe (arch/x86/entry/entry64.S:121) RIP: 0033:0x7f62844685ee Code: 48 8b 0d 45 28 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 0a c3 66 0f 1f 84 00 00 00 00 00 48 8b 15 09 RSP: 002b:00007ffd1f83d638 EFLAGS: 00000246 ORIGRAX: 0000000000000037 RAX: ffffffffffffffda RBX: 00007ffd1f83d680 RCX: 00007f62844685ee RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 0000000000000004 R08: 00007ffd1f83d670 R09: 0000558798ffa2a0 R10: 00007ffd1f83d680 R11: 0000000000000246 R12: 00007ffd1f83e3b2 R13: 00007f6284 ---truncated---
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/08ed888b69a22647153fe2bec55b7cd0a46102cc
- https://git.kernel.org/stable/c/5830aa863981d43560748aa93589c0695191d95d
- https://git.kernel.org/stable/c/70014b73d7539fcbb6b4ff5f37368d7241d8e626
- https://git.kernel.org/stable/c/95590a4929027769af35b153645c0ab6fd22b29b
- https://git.kernel.org/stable/c/b98ddb65fa1674b0e6b52de8af9103b63f51b643
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfdacd57c79b79a03c7ca88f706ad9fb7b46831c1Fixedb98ddb65fa1674b0e6b52de8af9103b63f51b643
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfdacd57c79b79a03c7ca88f706ad9fb7b46831c1Fixed95590a4929027769af35b153645c0ab6fd22b29b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfdacd57c79b79a03c7ca88f706ad9fb7b46831c1Fixed70014b73d7539fcbb6b4ff5f37368d7241d8e626
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfdacd57c79b79a03c7ca88f706ad9fb7b46831c1Fixed08ed888b69a22647153fe2bec55b7cd0a46102cc
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfdacd57c79b79a03c7ca88f706ad9fb7b46831c1Fixed5830aa863981d43560748aa93589c0695191d95d
Affected versions
v5.*
v6.*
Database specific
{
"vanir_signatures": [
{
"digest": {
"length": 107.0,
"function_hash": "248842819552722762658020507025475554971"
},
"target": {
"function": "iptable_nat_exit",
"file": "net/ipv4/netfilter/iptable_nat.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b98ddb65fa1674b0e6b52de8af9103b63f51b643",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-42270-1704d2ac"
},
{
"digest": {
"length": 107.0,
"function_hash": "248842819552722762658020507025475554971"
},
"target": {
"function": "iptable_nat_exit",
"file": "net/ipv4/netfilter/iptable_nat.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70014b73d7539fcbb6b4ff5f37368d7241d8e626",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-42270-451d0d9d"
},
{
"digest": {
"line_hashes": [
"94851592765166086524389256682950106613",
"292342818158219483255532712513493542734",
"2554374327366323359752729462881138474",
"118731789497745377485264869942641601853",
"247428933175301267268123110091904714242",
"283104108326292083300842794689568252961",
"331993401567758543393934672212246692767",
"306575368512737829417780962734564670152",
"78871706840899797428210105740187002063",
"281213062275847420665978991111951204425",
"193236387698013672847223217341469472959",
"110352104954448029835910125626222823907",
"179774776072812281933356454566213334747",
"253500702315419146194209793118538042130",
"78624067013042810756155167801574799809",
"278412730508324837376622030986152881964",
"336668241991292706035595168304347715509",
"285855354890983351285772887544766892202"
],
"threshold": 0.9
},
"target": {
"file": "net/ipv4/netfilter/iptable_nat.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95590a4929027769af35b153645c0ab6fd22b29b",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-42270-4cc23223"
},
{
"digest": {
"length": 107.0,
"function_hash": "248842819552722762658020507025475554971"
},
"target": {
"function": "iptable_nat_exit",
"file": "net/ipv4/netfilter/iptable_nat.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95590a4929027769af35b153645c0ab6fd22b29b",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-42270-89b2d96b"
},
{
"digest": {
"line_hashes": [
"94851592765166086524389256682950106613",
"292342818158219483255532712513493542734",
"2554374327366323359752729462881138474",
"118731789497745377485264869942641601853",
"247428933175301267268123110091904714242",
"283104108326292083300842794689568252961",
"331993401567758543393934672212246692767",
"306575368512737829417780962734564670152",
"78871706840899797428210105740187002063",
"281213062275847420665978991111951204425",
"193236387698013672847223217341469472959",
"110352104954448029835910125626222823907",
"179774776072812281933356454566213334747",
"253500702315419146194209793118538042130",
"78624067013042810756155167801574799809",
"278412730508324837376622030986152881964",
"336668241991292706035595168304347715509",
"285855354890983351285772887544766892202"
],
"threshold": 0.9
},
"target": {
"file": "net/ipv4/netfilter/iptable_nat.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70014b73d7539fcbb6b4ff5f37368d7241d8e626",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-42270-8b1e8b75"
},
{
"digest": {
"length": 258.0,
"function_hash": "114381428307397609607342768850162531875"
},
"target": {
"function": "iptable_nat_init",
"file": "net/ipv4/netfilter/iptable_nat.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@70014b73d7539fcbb6b4ff5f37368d7241d8e626",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-42270-ad2480d4"
},
{
"digest": {
"length": 258.0,
"function_hash": "114381428307397609607342768850162531875"
},
"target": {
"function": "iptable_nat_init",
"file": "net/ipv4/netfilter/iptable_nat.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@95590a4929027769af35b153645c0ab6fd22b29b",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-42270-d441a3d7"
},
{
"digest": {
"length": 258.0,
"function_hash": "114381428307397609607342768850162531875"
},
"target": {
"function": "iptable_nat_init",
"file": "net/ipv4/netfilter/iptable_nat.c"
},
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b98ddb65fa1674b0e6b52de8af9103b63f51b643",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-42270-d6473a78"
},
{
"digest": {
"line_hashes": [
"94851592765166086524389256682950106613",
"292342818158219483255532712513493542734",
"2554374327366323359752729462881138474",
"118731789497745377485264869942641601853",
"247428933175301267268123110091904714242",
"283104108326292083300842794689568252961",
"331993401567758543393934672212246692767",
"306575368512737829417780962734564670152",
"78871706840899797428210105740187002063",
"281213062275847420665978991111951204425",
"193236387698013672847223217341469472959",
"110352104954448029835910125626222823907",
"179774776072812281933356454566213334747",
"253500702315419146194209793118538042130",
"78624067013042810756155167801574799809",
"278412730508324837376622030986152881964",
"336668241991292706035595168304347715509",
"285855354890983351285772887544766892202"
],
"threshold": 0.9
},
"target": {
"file": "net/ipv4/netfilter/iptable_nat.c"
},
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b98ddb65fa1674b0e6b52de8af9103b63f51b643",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2024-42270-f7165f3a"
}
]
}