In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: fix performance regression in swap operation
The patch "netfilter: ipset: fix race condition between swap/destroy
and kernel side add/del/test", commit 28628fa9 fixes a race condition.
But the synchronize_rcu() added to the swap function unnecessarily slows
it down: it can safely be moved to destroy and use call_rcu() instead.
Eric Dumazet pointed out that simply calling the destroy functions as
rcu callback does not work: sets with timeout use garbage collectors
which need cancelling at destroy which can wait. Therefore the destroy
functions are split into two: cancelling garbage collectors safely at
executing the command received by netlink and moving the remaining
part only into the rcu callback.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-04-17T15:59:21.967Z
Updated: 2024-08-02T00:21:05.455Z
Reserved: 2024-02-19T14:20:24.188Z
Link: CVE-2024-26910
Vulnrichment
Updated: 2024-05-23T19:01:23.955Z
NVD
Status : Modified
Published: 2024-04-17T16:15:07.860
Modified: 2024-06-25T22:15:26.080
Link: CVE-2024-26910
Redhat