CVE-2024-26910

netfilter: ipset: fix performance regression in swap operation

References

https://cve.org/CVERecord/?id=CVE-2024-26910

Notes

 carnil> Introduced in 28628fa952fe ("netfilter: ipset: fix race condition between
 carnil> swap/destroy and kernel side add/del/test"). Vulnerable versions: 4.19.302
 carnil> 5.4.264 5.10.204 5.15.143 6.1.68 6.6.7 6.7-rc2.

Bugs

Status

Branch	Status
4.19-buster-security	needed
4.19-upstream-stable	needed
5.10-bullseye-security	released (5.10.216-1)
5.10-upstream-stable	released (5.10.210) [a24d5f2ac8ef702a58e55ec276aad29b4bd97e05]
6.1-bookworm-security	released (6.1.82-1)
6.1-upstream-stable	released (6.1.79) [653bc5e6d9995d7d5f497c665b321875a626161c]
6.6-upstream-stable	released (6.6.18) [b93a6756a01f4fd2f329a39216f9824c56a66397]
6.8-upstream-stable	N/A "Fixed before branching point"
sid	released (6.7.7-1)
upstream	released (6.8-rc3) [97f7cf1cd80eeed3b7c808b7c12463295c751001]