VIR Vulnerability Intelligence Relay

CVE-2024-26643

medium
Published 2024-05-23 Β· Modified 2024-11-03
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
5.5

Description

Moderate: kernel security and bug fix update

Predictions

Exploit likelihood
55%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata β€” Red Hat Inc. Β· View original β†— Β· Open-Errata-API

Description kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Red Hat statement Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible. CVSS v3: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases…

Workaround

exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

Description

kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout

Red Hat statement

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

CVSS v3: 4.7 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

ProductPackageAdvisoryReleased
Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10RHSA-2024:36272024-06-05T00:00:00Z
Red Hat Enterprise Linux 8kernel-0:4.18.0-553.5.1.el8_10RHSA-2024:36182024-06-05T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-427.18.1.el9_4RHSA-2024:33062024-05-23T00:00:00Z
Red Hat Enterprise Linux 9kernel-0:5.14.0-427.18.1.el9_4RHSA-2024:33062024-05-23T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Supportkernel-0:5.14.0-284.67.1.el9_2RHSA-2024:34612024-05-29T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Supportkernel-rt-0:5.14.0-284.67.1.rt14.352.el9_2RHSA-2024:34602024-05-29T00:00:00Z

Package state

ProductPackageState
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-rtOut of support scope
Red Hat Enterprise Linux 9kernel-rtAffected

Apply commands

bash fix
Apply RHSA-2024:3627 for Red Hat Enterprise Linux 8
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rt

Affected

VendorProductVersion
redhatRed Hat Enterprise Linux 6Not affected
redhatRed Hat Enterprise Linux 9Affected

OS impact
linux Linux kernel Affected 1 release
VersionStatusFixed in
β€” Affected 5.4.274
suse SUSE Affected 1 release
VersionStatusFixed in
β€” Affected β€”
debian Debian Mixed 6 releases
VersionStatusFixed in
trixie Fixed 6.7.12-1
sid Fixed 6.7.12-1
forky Fixed 6.7.12-1
bullseye Fixed 5.10.216-1
bookworm Fixed 6.1.85-1
10.0 Affected β€”
almalinux AlmaLinux Fixed 2 releases
VersionStatusFixed in
9 Fixed rv-5.14.0-427.18.1.el9_4.aarch64.rpm
8 Fixed kernel-abi-stablelists-4.18.0-553.5.1.el8_10.noarch.rpm
redhat Red Hat Fixed 2 releases
VersionStatusFixed in
9 Fixed β€”
8 Fixed β€”
rockylinux Rocky Linux Fixed 1 release
VersionStatusFixed in
8 Fixed β€”

References

CWEs

CWE-667

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.