CVE-2024-35900
📋 TL;DR
A race condition vulnerability in the Linux kernel's netfilter nf_tables subsystem allows inconsistent state when adding new basechains after toggling a table's dormant flag. This can trigger kernel warnings and potential system instability. Affects Linux systems using nf_tables firewall functionality.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash due to double unregistration of hooks, leading to denial of service and potential data loss.
Likely Case
Kernel warning messages in system logs and temporary network disruption until the inconsistent state is resolved.
If Mitigated
Minor performance impact with warning messages but no service disruption if properly handled.
🎯 Exploit Status
Requires CAP_NET_ADMIN capability and specific nf_tables configuration sequence to trigger.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patches available in stable kernel branches (commits: 41bad13c0e8a5a2b47a7472cced922555372daab, 420132bee3d0136b7fba253a597b098fe15493a7, 6d12f21f8bbe23fde25b77c2bf5973c136b8bef8, 745cf6a843896cdac8766c74379300ed73c78830, 7b6fba6918714afee3e17796113ccab636255c7b)
Vendor Advisory: https://git.kernel.org/stable/c/41bad13c0e8a5a2b47a7472cced922555372daab
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version.
2. Check distribution-specific security advisories.
3. Reboot the system after the kernel update.
🔧 Temporary Workarounds
Restrict nf_tables configuration
Limit CAP_NET_ADMIN to the accounts and services that genuinely need it, so that only trusted administrators can modify nf_tables configuration.
# Check whether the nft binary carries file capabilities (normally it should not; root privilege is expected instead)
getcap /usr/sbin/nft
# Inspect the capability bounding set of the current process (hex bitmask; CAP_NET_ADMIN is bit 12)
grep CapBnd /proc/self/status
🧯 If You Can't Patch
- Monitor system logs for nf_tables warning messages and investigate any configuration changes
- Implement strict change control for firewall/nf_tables configurations
🔍 How to Verify
Check if Vulnerable:
Check the kernel version and whether nf_tables is in use: uname -r && lsmod | grep nf_tables (note that lsmod shows nothing when nf_tables is built into the kernel rather than loaded as a module; nft list tables is an alternative check for an active nf_tables configuration).
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel (uname -r) is a version that carries the fix commits listed above, and check that dmesg and the system journal no longer show WARNING messages referencing __nf_unregister_net_hook.
📡 Detection & Monitoring
Log Indicators:
- WARNING messages about __nf_unregister_net_hook in kernel logs
- nf_tables related error messages in dmesg
Network Indicators:
- Unexpected firewall rule changes or network disruptions
SIEM Query:
source="kernel" AND ("__nf_unregister_net_hook" OR "nf_tables") AND "WARNING"
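The same detection logic as the query above, applied to kernel log text, as an added example that is not part of this advisory: it flags lines that contain WARNING together with either indicator and pulls out the CPU, PID, source location and symbol from a WARN splat header. The log lines are constructed to resemble dmesg output (with NNN standing in for a source line number), not captured from a real incident.

```python
"""Flag nf_tables hook-unregistration warnings in kernel log text.
Added example, not part of the advisory; it applies the same logic as the
SIEM query above: WARNING AND (__nf_unregister_net_hook OR nf_tables).
The log lines below are constructed to resemble dmesg output, not captured."""
import re
import sys

# dmesg "[seconds]" or "dmesg -T" "[weekday date time year]" prefixes
TS_RE = re.compile(r"^\[([^\]]+)\]\s*(.*)$")
# Shape of a WARN splat header: "WARNING: CPU: n PID: m at file:line symbol+off/len"
WARN_RE = re.compile(r"WARNING:\s*CPU:\s*(\d+)\s*PID:\s*(\d+)\s*at\s*(\S+)\s+(\S+)")
INDICATORS = ("__nf_unregister_net_hook", "nf_tables")

# Constructed sample; "NNN" stands in for a source line number
SAMPLE_LOG = """\
[   12.345678] nf_tables: module loaded (constructed sample line)
[  301.100200] WARNING: CPU: 1 PID: 4242 at net/netfilter/core.c:NNN __nf_unregister_net_hook+0x0/0x0
[Mon Jun  3 10:05:17 2024] WARNING: CPU: 0 PID: 4301 at some/other/file.c:NNN some_function+0x0/0x0
[  305.500000] WARNING: nf_tables hook state inconsistent (constructed sample line)
"""

def classify(line):
    """Return a finding dict for an nf_tables-related kernel warning, else None."""
    m = TS_RE.match(line)
    ts, msg = (m.group(1).strip(), m.group(2)) if m else (None, line)
    if "WARNING" not in msg:
        return None
    hit = next((i for i in INDICATORS if i in msg), None)
    if hit is None:
        return None
    w = WARN_RE.search(msg)  # absent for free-form warning text
    return {
        "timestamp": ts,
        "indicator": hit,
        "cpu": int(w.group(1)) if w else None,
        "pid": int(w.group(2)) if w else None,
        "location": w.group(3) if w else None,
        "symbol": w.group(4) if w else None,
    }

def scan(text):
    """All findings in a block of log text, in order of appearance."""
    return [f for f in map(classify, text.splitlines()) if f]

if __name__ == "__main__":
    # Usage: dmesg | python3 nft_warn_scan.py  (reads stdin; falls back to the sample)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for f in scan(text):
        print(f"{f['timestamp']}: {f['indicator']} pid={f['pid']} at {f['location']}")
```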
🔗 References
- https://git.kernel.org/stable/c/41bad13c0e8a5a2b47a7472cced922555372daab
- https://git.kernel.org/stable/c/420132bee3d0136b7fba253a597b098fe15493a7
- https://git.kernel.org/stable/c/6d12f21f8bbe23fde25b77c2bf5973c136b8bef8
- https://git.kernel.org/stable/c/745cf6a843896cdac8766c74379300ed73c78830
- https://git.kernel.org/stable/c/7b6fba6918714afee3e17796113ccab636255c7b
- https://git.kernel.org/stable/c/8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb
- https://git.kernel.org/stable/c/994209ddf4f430946f6247616b2e33d179243769
- https://git.kernel.org/stable/c/e95bb4cba94c018be24b11f017d1c55dd6cda31a
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html