CVE-2024-26643

netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout

References

Notes

 carnil> Introduced in 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid
 carnil> race with control plane"). Vulnerable versions: 5.4.262 5.10.198 5.15.134
 carnil> 6.1.56 6.4.11 6.5-rc6.

Bugs

Status

Branch                  Status
4.19-buster-security    N/A "Vulnerable code not present"
4.19-upstream-stable    N/A "Vulnerable code not present"
5.10-bullseye-security  released (5.10.216-1)
5.10-upstream-stable    released (5.10.215) [e2d45f467096e931044f0ab7634499879d851a5c]
6.1-bookworm-security   released (6.1.85-1)
6.1-upstream-stable     released (6.1.84) [406b0241d0eb598a0b330ab20ae325537d8d8163]
6.6-upstream-stable     released (6.6.24) [b2d6f9a5b1cf968f1eaa71085ceeb09c2cb276b1]
6.8-upstream-stable     N/A "Fixed before branching point"
sid                     released (6.7.12-1)
upstream                released (6.8) [552705a3650bbf46a22b1adedc1b04181490fc36]