Release Mutex After Nft_gc_seq_end from Abort Path
Key Information
- Vendor
- Linux
- Status
- Linux
- Vendor
- CVE Published:
- 25 April 2024
Badges
Summary
The vulnerability CVE-2024-26925 affects the Linux kernel and involves the netfilter nf_tables. It allows for the release of mutex after nft_gc_seq_end from the abort path, potentially leading to the async GC worker collecting expired objects and obtaining the released commit lock within the same GC sequence. The vulnerability has been identified as exploited, but there is no information about ransomware groups leveraging it. The resolution for this vulnerability involves moving nf_tables_module_autoload() at the end of the abort phase after nft_gc_seq_end() is called.
Affected Version(s)
Linux < 61ac7284346c
Linux < 2cee2ff7f8cc
Linux < b44a459c6561
News Articles
CybersecurityNews CVE-2024-26925Balaji N
Balaji is an Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security Head of Security - Ethical Hackers Academy Inc
5 months ago
CybersecurityNews CVE-2024-26925Vulnerability Archives
Postman API Testing Platform Flaw Exposes Sensitive Credentials Truffle Security Co. has recently discovered a major vulnerability in Postman, the widely used API testing platform. This flaw...
5 months ago
CybersecurityNews CVE-2024-26925Linux Kernel Vulnerability (CVE-2024-26925) Let Hackers Access Unauthorized Data
In a significant update from the Linux kernel's security team, a critical vulnerability identified as CVE-2024-26925 has been addressed.
5 months ago
Timeline
- 👾
Exploit exists.
First article discovered by CybersecurityNews
Vulnerability published.
Vulnerability Reserved.