CVE-2024-36286
- Source
- https://cve.org/CVERecord?id=CVE-2024-36286
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36286.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36286
- Downstream
- Related
- Published
- 2024-06-21T10:18:08.364Z
- Modified
- 2026-05-28T03:54:37.246571577Z
- Summary
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlinkqueue: acquire rcureadlock() in instancedestroy_rcu()
syzbot reported that nfreinject() could be called without rcuread_lock() :
WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted
net/netfilter/nfnetlinkqueue.c:263 suspicious rcudereference_check() usage!
other info that might help us debug this:
rcuscheduleractive = 2, debuglocks = 1 2 locks held by syz-executor.4/13427: #0: ffffffff8e334f60 (rcucallback){....}-{0:0}, at: rculockacquire include/linux/rcupdate.h:329 [inline] #0: ffffffff8e334f60 (rcucallback){....}-{0:0}, at: rcudobatch kernel/rcu/tree.c:2190 [inline] #0: ffffffff8e334f60 (rcucallback){....}-{0:0}, at: rcucore+0xa86/0x1830 kernel/rcu/tree.c:2471 #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: spinlockbh include/linux/spinlock.h:356 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: nfqnlflush net/netfilter/nfnetlinkqueue.c:405 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: instancedestroyrcu+0x30/0x220 net/netfilter/nfnetlinkqueue.c:172
stack backtrace: CPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: <IRQ> __dumpstack lib/dumpstack.c:88 [inline] dumpstacklvl+0x241/0x360 lib/dumpstack.c:114 lockdeprcususpicious+0x221/0x340 kernel/locking/lockdep.c:6712 nfreinject net/netfilter/nfnetlinkqueue.c:323 [inline] nfqnlreinject+0x6ec/0x1120 net/netfilter/nfnetlinkqueue.c:397 nfqnlflush net/netfilter/nfnetlinkqueue.c:410 [inline] instancedestroyrcu+0x1ae/0x220 net/netfilter/nfnetlinkqueue.c:172 rcudobatch kernel/rcu/tree.c:2196 [inline] rcucore+0xafd/0x1830 kernel/rcu/tree.c:2471 handlesoftirqs+0x2d6/0x990 kernel/softirq.c:554 __dosoftirq kernel/softirq.c:588 [inline] invokesoftirq kernel/softirq.c:428 [inline] _irqexitrcu+0xf4/0x1c0 kernel/softirq.c:637 irqexitrcu+0x9/0x30 kernel/softirq.c:649 instrsysvecapictimerinterrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvecapictimerinterrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 </IRQ> <TASK>
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36286.json" }- References
-
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-398330.html
- https://cert-portal.siemens.com/productcert/html/ssa-613116.html
- https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a
- https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4
- https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256
- https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5
- https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9
- https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718
- https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec
- https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36286.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-36286
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9872bec773c2e8503fec480c1e8a0c732517e257Fixed8658bd777cbfcb0c13df23d0ea120e70517761b9Fixed3989b817857f4890fab9379221a9d3f52bf5c256Fixede01065b339e323b3dfa1be217fd89e9b3208b0abFixed25ea5377e3d2921a0f96ae2551f5ab1b36825dd4Fixed68f40354a3851df46c27be96b84f11ae193e36c5Fixed8f365564af898819a523f1a8cf5c6ce053e9f718Fixed215df6490e208bfdd5b3012f5075e7f8736f3e7aFixeddc21c6cc3d6986d938efbf95de62473982c98dec
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.25Fixed4.19.316
- Type
- ECOSYSTEM
- Events
-
Introduced4.20.0Fixed5.4.278
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.219
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.161
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.93
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.33
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.9.4