Release Mutex After nft_gc_seq_end from Abort Path
CVE-2024-26925
Key Information:
- Vendor: Linux
- Status
- CVE Published: 25 April 2024
Summary
CVE-2024-26925 affects the netfilter nf_tables subsystem of the Linux kernel. In the abort path, the commit mutex could be released before nft_gc_seq_end() was called, so the async GC worker could collect expired objects and obtain the released commit lock within the same GC sequence. The vulnerability has been identified as exploited, but there is no information about ransomware groups leveraging it. The fix moves nf_tables_module_autoload() to the end of the abort phase, after nft_gc_seq_end() is called, so that the mutex is released only after the GC sequence has ended.
Affected Version(s)
Linux 4b6346dc1edfb9839d6edee7360ed31a22fa6c95 < 61ac7284346c32f9a8c8ceac56102f7914060428
Linux 23292bdfda5f04e704a843b8f97b0eb95ace1ca6 < 2cee2ff7f8cce12a63a0a23ffe27f08d99541494
Linux b44a459c6561595ed7c3679599c5279204132b33
News Articles
Linux Kernel Vulnerability (CVE-2024-26925) Let Hackers Access Unauthorized Data
In a significant update from the Linux kernel's security team, a critical vulnerability identified as CVE-2024-26925 has been addressed.
8 months ago
Timeline
- Exploit known to exist
- Used in Ransomware
- First article discovered by CybersecurityNews
Vulnerability published
Vulnerability Reserved