CVE-2024-57900— ila: serialize calls to nf_register_net_hooks()
Affected Version Matrix 16
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7f00feaf107645d95a6d87e99b4d141ac0a08efd< 1638f430f8900f2375f5de45508fbe553997e190 | affected |
7f00feaf107645d95a6d87e99b4d141ac0a08efd< d3017895e393536b234cf80a83fc463c08a28137 | affected | ||
7f00feaf107645d95a6d87e99b4d141ac0a08efd< ad0677c37c14fa28913daea92d139644d7acf04e | affected | ||
7f00feaf107645d95a6d87e99b4d141ac0a08efd< eba25e21dce7ec70e2b3f121b2f3a25a4ec43eca | affected | ||
7f00feaf107645d95a6d87e99b4d141ac0a08efd< 17e8fa894345e8d2c7a7642482267b275c3d4553 | affected | ||
7f00feaf107645d95a6d87e99b4d141ac0a08efd< 3d1b63cf468e446b9feaf4e4e73182b9cc82f460 | affected | ||
7f00feaf107645d95a6d87e99b4d141ac0a08efd< 260466b576bca0081a7d4acecc8e93687aa22d0e | affected | ||
4.5 | affected | ||
| … +8 more rows | |||
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-57900
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ila: serialize calls to nf_register_net_hooks()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner") attempted to fix a similar issue. Looking at the syzbot repro, we have concurrent ILA_CMD_ADD commands. Add a mutex to make sure at most one thread is calling nf_register_net_hooks(). [1] BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604 Read of size 4 at addr ffff888028f40008 by task dhcpcd/5501 CPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 rht_key_hashfn include/linux/rhashtable.h:159 [inline] __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604 rhashtable_lookup include/linux/rhashtable.h:646 [inline] rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline] ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline] ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline] ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626 nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269 NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309 __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785 process_backlog+0x443/0x15f0 net/core/dev.c:6117 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883 napi_poll net/core/dev.c:6952 [inline] net_rx_action+0xa94/0x1010 net/core/dev.c:7074 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于在注册网络钩子时存在竞争问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-57900
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-57900
请登录查看更多情报信息。
Patches & Fixes for CVE-2024-57900 (7)
Same Patch Batch · Linux · 2025-01-15 · 32 CVEs total
| CVE-2024-57898 | wifi: cfg80211: clear link ID from bitmap during link delete after clean up | |
| CVE-2024-57857 | RDMA/siw: Remove direct link to net_device | |
| CVE-2024-57844 | drm/xe: Fix fault on fd close after unbind | |
| CVE-2024-57841 | net: fix memory leak in tcp_conn_request() | |
| CVE-2024-57802 | netrom: check buffer length before accessing it | |
| CVE-2024-57801 | net/mlx5e: Skip restore TC rules for vport rep without loaded flag | |
| CVE-2024-57795 | RDMA/rxe: Remove the direct link to net_device | |
| CVE-2024-54031 | netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext | |
| CVE-2024-53681 | nvmet: Don't overflow subsysnqn | |
| CVE-2024-39282 | net: wwan: t7xx: Fix FSM command timeout issue | |
| CVE-2024-36476 | RDMA/rtrs: Ensure 'ib_sge list' is accessible | |
| CVE-2025-21629 | net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets | |
| CVE-2024-57903 | net: restrict SO_REUSEPORT to inet sockets | |
| CVE-2024-57901 | af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK | |
| CVE-2024-57902 | af_packet: fix vlan_get_tci() vs MSG_PEEK | |
| CVE-2024-57899 | wifi: mac80211: fix mbss changed flags corruption on 32 bit systems | |
| CVE-2024-57882 | mptcp: fix TCP options overflow. | |
| CVE-2024-57897 | drm/amdkfd: Correct the migration DMA map direction | |
| CVE-2024-57896 | btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount | |
| CVE-2024-57895 | ksmbd: set ATTR_CTIME flags when setting mtime |
Showing top 20 of 32 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2024-57900
No comments yet