Message-ID: <2024041736-CVE-2024-26910-3617@gregkh>
Date: Wed, 17 Apr 2024 17:59:35 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-26910: netfilter: ipset: fix performance regression in swap operation

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: fix performance regression in swap operation

The patch "netfilter: ipset: fix race condition between swap/destroy
and kernel side add/del/test", commit 28628fa9 fixes a race condition.
But the synchronize_rcu() added to the swap function unnecessarily slows
it down: it can safely be moved to destroy and use call_rcu() instead.

Eric Dumazet pointed out that simply calling the destroy functions as
rcu callback does not work: sets with timeout use garbage collectors
which need cancelling at destroy which can wait. Therefore the destroy
functions are split into two: cancelling garbage collectors safely at
executing the command received by netlink and moving the remaining
part only into the rcu callback.

The Linux kernel CVE team has assigned CVE-2024-26910 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 5.4.264 with commit 427deb5ba566 and fixed in 5.4.269 with commit c7f2733e5011
	Issue introduced in 5.10.204 with commit e7152a138a5a and fixed in 5.10.210 with commit a24d5f2ac8ef
	Issue introduced in 5.15.143 with commit 8bb930c3a1ea and fixed in 5.15.149 with commit c2dc077d8f72
	Issue introduced in 6.1.68 with commit 875ee3a09e27 and fixed in 6.1.79 with commit 653bc5e6d999
	Issue introduced in 6.6.7 with commit 23c31036f862 and fixed in 6.6.18 with commit b93a6756a01f
	Issue introduced in 6.7 with commit 28628fa952fe and fixed in 6.7.6 with commit 970709a67696
	Issue introduced in 6.7 with commit 28628fa952fe and fixed in 6.8 with commit 97f7cf1cd80e
	Issue introduced in 4.19.302 with commit a12606e5ad0c

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-26910
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	include/linux/netfilter/ipset/ip_set.h
	net/netfilter/ipset/ip_set_bitmap_gen.h
	net/netfilter/ipset/ip_set_core.c
	net/netfilter/ipset/ip_set_hash_gen.h
	net/netfilter/ipset/ip_set_list_set.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225
	https://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05
	https://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49
	https://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c
	https://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397
	https://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb
	https://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001
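
Added example, not part of the announcement or of any kernel tooling: a small checker that classifies a `uname -r` style release string against the "Affected and fixed versions" list above. The function names, the status labels and the sample release strings are assumptions made for this illustration; the version ranges are the ones in the advisory.

```python
import re

# Ranges copied from the advisory's "Affected and fixed versions" list:
# series -> (first affected release, first fixed release or None if none is listed).
RANGES = {
    (4, 19): ((4, 19, 302), None),
    (5, 4): ((5, 4, 264), (5, 4, 269)),
    (5, 10): ((5, 10, 204), (5, 10, 210)),
    (5, 15): ((5, 15, 143), (5, 15, 149)),
    (6, 1): ((6, 1, 68), (6, 1, 79)),
    (6, 6): ((6, 6, 7), (6, 6, 18)),
    (6, 7): ((6, 7, 0), (6, 7, 6)),
}
MAINLINE_FIX = (6, 8)  # "introduced in 6.7 ... fixed in 6.8"


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(release):
    """Return 'affected', 'fixed', 'before-regression' or 'not-listed'."""
    version = parse_release(release)
    series = version[:2]
    if series >= MAINLINE_FIX:
        return "fixed"
    if series not in RANGES:
        return "not-listed"  # the advisory names no commit for this series
    introduced, fixed = RANGES[series]
    if version < introduced:
        return "before-regression"
    if fixed is not None and version >= fixed:
        return "fixed"
    return "affected"


if __name__ == "__main__":
    # Constructed sample release strings, not taken from the advisory.
    for sample in ("5.4.263", "5.10.205-generic", "6.1.79", "6.7.5", "4.19.310", "6.5.3"):
        print(f"{sample:20} {classify(sample)}")
```

The comparison uses upstream stable version numbers only; a vendor kernel that backports fixes without changing its base version has to be checked against the vendor's own advisory.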