net: openvswitch: Fix Use-After-Free in ovs_ct_exit
Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal
of ovs_ct_limit_exit, is not part of the RCU read critical section, it
is possible that the RCU grace period will pass during the traversal and
the key will be free.
To prevent this, it should be changed to hlist_for_each_entry_safe.
Metrics
Affected Vendors & Products
Source | ID | Title |
---|---|---|
![]() |
DLA-3840-1 | linux security update |
![]() |
DLA-3842-1 | linux-5.10 security update |
![]() |
USN-6896-1 | Linux kernel vulnerabilities |
![]() |
USN-6896-2 | Linux kernel vulnerabilities |
![]() |
USN-6896-3 | Linux kernel vulnerabilities |
![]() |
USN-6896-4 | Linux kernel vulnerabilities |
![]() |
USN-6896-5 | Linux kernel vulnerabilities |
![]() |
USN-6898-1 | Linux kernel vulnerabilities |
![]() |
USN-6898-2 | Linux kernel vulnerabilities |
![]() |
USN-6898-3 | Linux kernel kernel vulnerabilities |
![]() |
USN-6898-4 | Linux kernel vulnerabilities |
![]() |
USN-6917-1 | Linux kernel vulnerabilities |
![]() |
USN-6919-1 | Linux kernel vulnerabilities |
![]() |
USN-6927-1 | Linux kernel vulnerabilities |
![]() |
USN-6949-1 | Linux kernel vulnerabilities |
![]() |
USN-6949-2 | Linux kernel vulnerabilities |
![]() |
USN-6952-1 | Linux kernel vulnerabilities |
![]() |
USN-6955-1 | Linux kernel (OEM) vulnerabilities |
![]() |
USN-7019-1 | Linux kernel vulnerabilities |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 05 Mar 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Eus
|
|
CPEs | cpe:/a:redhat:rhel_eus:9.4 | |
Vendors & Products |
Redhat rhel Eus
|
Tue, 14 Jan 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Debian
Debian debian Linux Linux Linux linux Kernel |
|
Weaknesses | CWE-416 | |
CPEs | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:* |
|
Vendors & Products |
Debian
Debian debian Linux Linux Linux linux Kernel |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 13 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:9 |
Tue, 05 Nov 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 08 Aug 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:8::nfv cpe:/o:redhat:enterprise_linux:8 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |

Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2025-05-04T09:04:04.943Z
Reserved: 2024-02-25T13:47:42.677Z
Link: CVE-2024-27395

Updated: 2024-08-02T00:34:52.145Z

Status : Analyzed
Published: 2024-05-14T15:12:27.683
Modified: 2025-01-14T14:27:22.167
Link: CVE-2024-27395


No data.