In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftsetrbtree: skip end interval element from gc
rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active.
[ { "id": "CVE-2024-26581-01b3ced3", "signature_type": "Line", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1296c110c5a0b45a8fcf58e7d18bc5da61a565cb", "digest": { "threshold": 0.9, "line_hashes": [ "75546519963126942643703449460720016573", "121942192852815362009406328490323936715", "142613681615591815403278730325897364409", "62535886187033944339956563679913325439", "270108541906659588270185388477518700578", "151529908090128660034725982292346547817", "102608331626369670377130623969286626530", "87147166267324732883070545308089275557", "144152855262984938357439172781161363361", "79884138402891509281372680658296353676", "94220837887436607325234778946992112696", "139189554770275675751606487249898873658" ] }, "deprecated": false }, { "id": "CVE-2024-26581-22b5fdea", "signature_type": "Line", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7", "digest": { "threshold": 0.9, "line_hashes": [ "75546519963126942643703449460720016573", "121942192852815362009406328490323936715", "142613681615591815403278730325897364409", "62535886187033944339956563679913325439", "270108541906659588270185388477518700578", "151529908090128660034725982292346547817", "102608331626369670377130623969286626530", "87147166267324732883070545308089275557", "144152855262984938357439172781161363361", "79884138402891509281372680658296353676", "94220837887436607325234778946992112696", "139189554770275675751606487249898873658" ] }, "deprecated": false }, { "id": "CVE-2024-26581-3af3fe7c", "signature_type": "Function", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c", "function": "nft_rbtree_gc_elem" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6eb14441f10602fa1cf691da9d685718b68b78a9", "digest": { "function_hash": "55778293100202686260079902247630248442", "length": 912.0 }, "deprecated": false }, { "id": "CVE-2024-26581-3d116981", "signature_type": "Function", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c", "function": "nft_rbtree_gc_elem" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60c0c230c6f046da536d3df8b39a20b9a9fd6af0", "digest": { "function_hash": "55778293100202686260079902247630248442", "length": 912.0 }, "deprecated": false }, { "id": "CVE-2024-26581-42dce491", "signature_type": "Function", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c", "function": "nft_rbtree_gc_elem" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c60d252949caf9aba537525195edae6bbabc35eb", "digest": { "function_hash": "126139906182479454091012440039799997441", "length": 850.0 }, "deprecated": false }, { "id": "CVE-2024-26581-48b879d5", "signature_type": "Function", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c", "function": "nft_rbtree_gc_elem" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2bab493a5624444ec6e648ad0d55a362bcb4c003", "digest": { "function_hash": "55778293100202686260079902247630248442", "length": 912.0 }, "deprecated": false }, { "id": "CVE-2024-26581-5ac1bc5b", "signature_type": "Function", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c", "function": "nft_rbtree_gc_elem" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10e9cb39313627f2eae4cd70c4b742074e998fd8", "digest": { "function_hash": "126139906182479454091012440039799997441", "length": 850.0 }, "deprecated": false }, { "id": "CVE-2024-26581-5ee26d61", "signature_type": "Line", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c60d252949caf9aba537525195edae6bbabc35eb", "digest": { "threshold": 0.9, "line_hashes": [ "313152438302601664205973332502998383145", "253629789817349308671729450082388271937", "19414851990015992006959959629320402600", "17897984143599201057077194639885373764", "118894049282104111607920365531467221954", "270108541906659588270185388477518700578", "151529908090128660034725982292346547817", "102608331626369670377130623969286626530", "87147166267324732883070545308089275557", "175262129057837140146861322469998507313", "278014515679028487672268585106717898295", "2139313483480974707488594029114540871", "117742175977971977389049779920684362597" ] }, "deprecated": false }, { "id": "CVE-2024-26581-69e5f61f", "signature_type": "Line", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@10e9cb39313627f2eae4cd70c4b742074e998fd8", "digest": { "threshold": 0.9, "line_hashes": [ "313152438302601664205973332502998383145", "253629789817349308671729450082388271937", "19414851990015992006959959629320402600", "17897984143599201057077194639885373764", "118894049282104111607920365531467221954", "270108541906659588270185388477518700578", "151529908090128660034725982292346547817", "102608331626369670377130623969286626530", "87147166267324732883070545308089275557", "175262129057837140146861322469998507313", "278014515679028487672268585106717898295", "2139313483480974707488594029114540871", "117742175977971977389049779920684362597" ] }, "deprecated": false }, { "id": "CVE-2024-26581-71334bd7", "signature_type": "Line", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60c0c230c6f046da536d3df8b39a20b9a9fd6af0", "digest": { "threshold": 0.9, "line_hashes": [ "75546519963126942643703449460720016573", "121942192852815362009406328490323936715", "142613681615591815403278730325897364409", "62535886187033944339956563679913325439", "270108541906659588270185388477518700578", "151529908090128660034725982292346547817", "102608331626369670377130623969286626530", "87147166267324732883070545308089275557", "6321051723117366486943129708952131958", "79884138402891509281372680658296353676", "94220837887436607325234778946992112696", "139189554770275675751606487249898873658" ] }, "deprecated": false }, { "id": "CVE-2024-26581-7d3b9545", "signature_type": "Function", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c", "function": "nft_rbtree_gc_elem" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1296c110c5a0b45a8fcf58e7d18bc5da61a565cb", "digest": { "function_hash": "55778293100202686260079902247630248442", "length": 912.0 }, "deprecated": false }, { "id": "CVE-2024-26581-86a17a28", "signature_type": "Line", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2bab493a5624444ec6e648ad0d55a362bcb4c003", "digest": { "threshold": 0.9, "line_hashes": [ "75546519963126942643703449460720016573", "121942192852815362009406328490323936715", "142613681615591815403278730325897364409", "62535886187033944339956563679913325439", "270108541906659588270185388477518700578", "151529908090128660034725982292346547817", "102608331626369670377130623969286626530", "87147166267324732883070545308089275557", "144152855262984938357439172781161363361", "79884138402891509281372680658296353676", "94220837887436607325234778946992112696", "139189554770275675751606487249898873658" ] }, "deprecated": false }, { "id": "CVE-2024-26581-9020ffd9", "signature_type": "Line", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4cee42fcf54fec46b344681e7cc4f234bb22f85a", "digest": { "threshold": 0.9, "line_hashes": [ "75546519963126942643703449460720016573", "121942192852815362009406328490323936715", "142613681615591815403278730325897364409", "62535886187033944339956563679913325439", "270108541906659588270185388477518700578", "151529908090128660034725982292346547817", "102608331626369670377130623969286626530", "87147166267324732883070545308089275557", "144152855262984938357439172781161363361", "79884138402891509281372680658296353676", "94220837887436607325234778946992112696", "139189554770275675751606487249898873658" ] }, "deprecated": false }, { "id": "CVE-2024-26581-af3616f4", "signature_type": "Function", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c", "function": "nft_rbtree_gc_elem" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4cee42fcf54fec46b344681e7cc4f234bb22f85a", "digest": { "function_hash": "55778293100202686260079902247630248442", "length": 912.0 }, "deprecated": false }, { "id": "CVE-2024-26581-d9f8e5c9", "signature_type": "Function", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c", "function": "nft_rbtree_gc_elem" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7", "digest": { "function_hash": "55778293100202686260079902247630248442", "length": 912.0 }, "deprecated": false }, { "id": "CVE-2024-26581-dcd6054e", "signature_type": "Line", "signature_version": "v1", "target": { "file": "net/netfilter/nft_set_rbtree.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6eb14441f10602fa1cf691da9d685718b68b78a9", "digest": { "threshold": 0.9, "line_hashes": [ "75546519963126942643703449460720016573", "121942192852815362009406328490323936715", "142613681615591815403278730325897364409", "62535886187033944339956563679913325439", "270108541906659588270185388477518700578", "151529908090128660034725982292346547817", "102608331626369670377130623969286626530", "87147166267324732883070545308089275557", "6321051723117366486943129708952131958", "79884138402891509281372680658296353676", "94220837887436607325234778946992112696", "139189554770275675751606487249898873658" ] }, "deprecated": false } ]