{"id":"CVE-2024-26643","summary":"netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout\n\nWhile the rhashtable set gc runs asynchronously, a race allows it to\ncollect elements from anonymous sets with timeouts while it is being\nreleased from the commit path.\n\nMingi Cho originally reported this issue in a different path in 6.1.x\nwith a pipapo set with low timeouts which is not possible upstream since\n7395dfacfff6 (\"netfilter: nf_tables: use timestamp to check for set\nelement timeout\").\n\nFix this by setting on the dead flag for anonymous sets to skip async gc\nin this case.\n\nAccording to 08e4c8c5919f (\"netfilter: nf_tables: mark newset as dead on\ntransaction abort\"), Florian plans to accelerate abort path by releasing\nobjects via workqueue, therefore, this sets on the dead flag for abort\npath too.","modified":"2026-04-03T13:14:49.191943Z","published":"2024-03-21T10:43:44.103Z","related":["ALSA-2024:3306","ALSA-2024:3618","ALSA-2024:3627","MGASA-2024-0141","MGASA-2024-0142","SUSE-SU-2024:2008-1","SUSE-SU-2024:2010-1","SUSE-SU-2024:2019-1","SUSE-SU-2024:2135-1","SUSE-SU-2024:2183-1","SUSE-SU-2024:2185-1","SUSE-SU-2024:2190-1","SUSE-SU-2024:2203-1","SUSE-SU-2024:2973-1","SUSE-SU-2025:02588-1","SUSE-SU-2025:02849-1","SUSE-SU-2025:02851-1","SUSE-SU-2025:02852-1","SUSE-SU-2025:20008-1","SUSE-SU-2025:20028-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26643.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/291cca35818bd52a407bc37ab45a15816039e363"},{"type":"WEB","url":"https://git.kernel.org/stable/c/406b0241d0eb598a0b330ab20ae325537d8d8163"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5224afbc30c3ca9ba23e752f0f138729b2c48dd8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d75a589bb92af1abf3b779cfcd1977ca11b27033"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e2d45f467096e931044f0ab7634499879d851a5c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26643.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26643"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8da1b048f9a501d3d7d38c188ba09d7d0d5b8c27"},{"fixed":"d75a589bb92af1abf3b779cfcd1977ca11b27033"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"bbdb3b65aa91aa0a32b212f27780b28987f2d94f"},{"fixed":"edcf1a3f182ecf8b6b805f0ce90570ea98c5f6bf"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"448be0774882f95a74fa5eb7519761152add601b"},{"fixed":"e2d45f467096e931044f0ab7634499879d851a5c"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d19e8bf3ea4114dd21fc35da21f398203d7f7df1"},{"fixed":"291cca35818bd52a407bc37ab45a15816039e363"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ea3eb9f2192e4fc33b795673e56c97a21987f868"},{"fixed":"406b0241d0eb598a0b330ab20ae325537d8d8163"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"5f68718b34a531a556f2f50300ead2862278da26"},{"fixed":"b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1"},{"fixed":"5224afbc30c3ca9ba23e752f0f138729b2c48dd8"},{"fixed":"552705a3650bbf46a22b1adedc1b04181490fc36"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"0624f190b5742a1527cd938295caa8dc5281d4cd"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26643.json"}}],"schema_version":"1.7.5"}