In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted net/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.4/13427: #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471 #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172 stack backtrace: CPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712 nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline] nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397 nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline] instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471 handle_softirqs+0x2d6/0x990 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 </IRQ> <TASK>

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux

No data.

Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2024:5102 2024-08-08T00:00:00Z
kernel-0:4.18.0-553.16.1.el8_10 cpe:/o:redhat:enterprise_linux:8 RHSA-2024:5101 2024-08-08T00:00:00Z
References
Link Providers
https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718 cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec cve-icon cve-icon cve-icon
https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab cve-icon cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024062135-CVE-2024-36286-ebd5@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-36286 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-36286 cve-icon
History

Wed, 11 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Sep 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 08 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8::nfv
cpe:/o:redhat:enterprise_linux:8
Vendors & Products Redhat
Redhat enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-21T10:18:08.364Z

Updated: 2024-11-05T09:27:13.912Z

Reserved: 2024-06-21T10:13:16.315Z

Link: CVE-2024-36286

cve-icon Vulnrichment

Updated: 2024-08-02T03:37:04.735Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-21T11:15:10.277

Modified: 2024-11-21T09:21:59.400

Link: CVE-2024-36286

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-06-21T00:00:00Z

Links: CVE-2024-36286 - Bugzilla