Properly link new fs rules into the tree
CVE-2024-35960

9.1CRITICAL

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 May 2024

Summary

In the Linux kernel, a significant linking bug has been identified within the rule management system of the network component. This issue arises when newly created rules are not properly linked into the internal tree structure, leading to a scenario where duplicated references to rules can result in a crash. Specifically, the function handling rule additions fails to adequately manage new rules that lack a parent, causing them to remain unlinked. The resulting behavior leads to critical instability, as the deletion routine assumes all nodes have valid parent references, which is not the case with these improperly linked rules. A recent patch has addressed this issue by ensuring that new rules are correctly initialized and linked, thereby preventing potential crashes and maintaining system integrity.

Affected Version(s)

Linux 74491de937125d0c98c9b9c9208b4105717a3caa

Linux 74491de937125d0c98c9b9c9208b4105717a3caa < 1263b0b26077b1183c3c45a0a2479573a351d423

Linux 74491de937125d0c98c9b9c9208b4105717a3caa < 3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801

References

https://git.kernel.org/stable/c/de0139719cdda82806a47580c...

https://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a...

https://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 20, 2024