#VU91427 Race condition within a thread in Linux kernel - CVE-2024-35898

Vulnerability identifier: #VU91427

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35898

CWE-ID: CWE-366

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.19, 4.19.1, 4.19.2, 4.19.3, 4.19.4, 4.19.5, 4.19.6, 4.19.7, 4.19.8, 4.19.9, 4.19.10, 4.19.11, 4.19.12, 4.19.13, 4.19.14, 4.19.15, 4.19.16, 4.19.17, 4.19.18, 4.19.19, 4.19.20, 4.19.21, 4.19.22, 4.19.23, 4.19.24, 4.19.25, 4.19.26, 4.19.27, 4.19.28, 4.19.29, 4.19.30, 4.19.31, 4.19.32, 4.19.33, 4.19.34, 4.19.35, 4.19.36, 4.19.37, 4.19.38, 4.19.39, 4.19.40, 4.19.41, 4.19.42, 4.19.43, 4.19.44, 4.19.45, 4.19.46, 4.19.47, 4.19.48, 4.19.49, 4.19.50, 4.19.51, 4.19.52, 4.19.53, 4.19.54, 4.19.55, 4.19.56, 4.19.57, 4.19.58, 4.19.59, 4.19.60, 4.19.61, 4.19.62, 4.19.63, 4.19.64, 4.19.65, 4.19.66, 4.19.67, 4.19.68, 4.19.69, 4.19.70, 4.19.71, 4.19.72, 4.19.73, 4.19.74, 4.19.75, 4.19.76, 4.19.77, 4.19.78, 4.19.79, 4.19.80, 4.19.81, 4.19.82, 4.19.83, 4.19.84, 4.19.85, 4.19.86, 4.19.87, 4.19.88, 4.19.89, 4.19.90, 4.19.91, 4.19.92, 4.19.93, 4.19.94, 4.19.95, 4.19.96, 4.19.97, 4.19.98, 4.19.99, 4.19.100, 4.19.101, 4.19.102, 4.19.103, 4.19.104, 4.19.105, 4.19.106, 4.19.107, 4.19.108, 4.19.109, 4.19.110, 4.19.111, 4.19.112, 4.19.113, 4.19.114, 4.19.115, 4.19.116, 4.19.117, 4.19.118, 4.19.118-2, 4.19.119, 4.19.120, 4.19.121, 4.19.122, 4.19.123, 4.19.124, 4.19.125, 4.19.126, 4.19.127, 4.19.128, 4.19.129, 4.19.130, 4.19.131, 4.19.132, 4.19.133, 4.19.134, 4.19.135, 4.19.136, 4.19.137, 4.19.138, 4.19.139, 4.19.140, 4.19.141, 4.19.142, 4.19.143, 4.19.144, 4.19.145, 4.19.146, 4.19.147, 4.19.148, 4.19.149, 4.19.150, 4.19.151, 4.19.152, 4.19.153, 4.19.154, 4.19.155, 4.19.156, 4.19.157, 4.19.158, 4.19.159, 4.19.160, 4.19.161, 4.19.162, 4.19.163, 4.19.164, 4.19.165, 4.19.166, 4.19.167, 4.19.168, 4.19.169, 4.19.170, 4.19.171, 4.19.172, 4.19.173, 4.19.174, 4.19.175, 4.19.176, 4.19.177, 4.19.178, 4.19.179, 4.19.180, 4.19.181, 4.19.182, 4.19.183, 4.19.184, 4.19.185, 4.19.186, 4.19.187, 4.19.188, 4.19.189, 4.19.190, 4.19.191, 4.19.192, 4.19.193, 4.19.194, 4.19.195, 4.19.196, 4.19.197, 4.19.198, 4.19.199, 4.19.200, 4.19.201, 4.19.202, 4.19.203, 4.19.204, 4.19.205, 4.19.206, 4.19.207, 4.19.208, 4.19.209, 4.19.210, 4.19.211, 4.19.212, 4.19.213, 4.19.214, 4.19.215, 4.19.216, 4.19.217, 4.19.218, 4.19.219, 4.19.220, 4.19.221, 4.19.222, 4.19.223, 4.19.224, 4.19.225, 4.19.226, 4.19.227, 4.19.228, 4.19.229, 4.19.230, 4.19.231, 4.19.232, 4.19.233, 4.19.234, 4.19.235, 4.19.236, 4.19.237, 4.19.238, 4.19.239, 4.19.240, 4.19.241, 4.19.242, 4.19.243, 4.19.244, 4.19.245, 4.19.246, 4.19.247, 4.19.248, 4.19.249, 4.19.250, 4.19.251, 4.19.252, 4.19.253, 4.19.254, 4.19.255, 4.19.256, 4.19.257, 4.19.258, 4.19.259, 4.19.260, 4.19.261, 4.19.262, 4.19.263, 4.19.264, 4.19.265, 4.19.266, 4.19.267, 4.19.268, 4.19.269, 4.19.270, 4.19.271, 4.19.272, 4.19.273, 4.19.274, 4.19.275, 4.19.276, 4.19.277, 4.19.278, 4.19.279, 4.19.280, 4.19.281, 4.19.282, 4.19.283, 4.19.284, 4.19.285, 4.19.286, 4.19.287, 4.19.288, 4.19.289, 4.19.290, 4.19.291, 4.19.292, 4.19.293, 4.19.294, 4.19.295, 4.19.296, 4.19.297, 4.19.298, 4.19.299, 4.19.300, 4.19.301, 4.19.302, 4.19.303, 4.19.304, 4.19.305, 4.19.306, 4.19.307, 4.19.308, 4.19.309, 4.19.310, 4.19.311, 5.4, 5.4.0, 5.4.0 rc6, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.4.13, 5.4.14, 5.4.15, 5.4.16, 5.4.17, 5.4.18, 5.4.19, 5.4.20, 5.4.21, 5.4.22, 5.4.23, 5.4.24, 5.4.25, 5.4.26, 5.4.27, 5.4.28, 5.4.29, 5.4.30, 5.4.31, 5.4.32, 5.4.33, 5.4.34, 5.4.35, 5.4.36, 5.4.37, 5.4.38, 5.4.39, 5.4.40, 5.4.41, 5.4.42, 5.4.43, 5.4.44, 5.4.45, 5.4.46, 5.4.47, 5.4.48, 5.4.49, 5.4.50, 5.4.51, 5.4.52, 5.4.53, 5.4.54, 5.4.55, 5.4.56, 5.4.57, 5.4.58, 5.4.59, 5.4.60, 5.4.61, 5.4.62, 5.4.63, 5.4.64, 5.4.65, 5.4.66, 5.4.67, 5.4.68, 5.4.69, 5.4.70, 5.4.71, 5.4.72, 5.4.73, 5.4.74, 5.4.75, 5.4.76, 5.4.77, 5.4.78, 5.4.79, 5.4.80, 5.4.81, 5.4.82, 5.4.83, 5.4.84, 5.4.85, 5.4.86, 5.4.87, 5.4.88, 5.4.89, 5.4.90, 5.4.91, 5.4.92, 5.4.93, 5.4.94, 5.4.95, 5.4.96, 5.4.97, 5.4.98, 5.4.99, 5.4.100, 5.4.101, 5.4.102, 5.4.103, 5.4.104, 5.4.105, 5.4.106, 5.4.107, 5.4.108, 5.4.109, 5.4.110, 5.4.111, 5.4.112, 5.4.113, 5.4.114, 5.4.115, 5.4.116, 5.4.117, 5.4.118, 5.4.119, 5.4.120, 5.4.121, 5.4.122, 5.4.123, 5.4.124, 5.4.125, 5.4.126, 5.4.127, 5.4.128, 5.4.129, 5.4.130, 5.4.131, 5.4.132, 5.4.133, 5.4.134, 5.4.135, 5.4.136, 5.4.137, 5.4.138, 5.4.139, 5.4.140, 5.4.141, 5.4.142, 5.4.143, 5.4.144, 5.4.145, 5.4.146, 5.4.147, 5.4.148, 5.4.149, 5.4.150, 5.4.151, 5.4.152, 5.4.153, 5.4.154, 5.4.155, 5.4.156, 5.4.157, 5.4.158, 5.4.159, 5.4.160, 5.4.161, 5.4.162, 5.4.163, 5.4.164, 5.4.165, 5.4.166, 5.4.167, 5.4.168, 5.4.169, 5.4.170, 5.4.171, 5.4.172, 5.4.173, 5.4.174, 5.4.175, 5.4.176, 5.4.177, 5.4.178, 5.4.179, 5.4.180, 5.4.181, 5.4.182, 5.4.183, 5.4.184, 5.4.185, 5.4.186, 5.4.187, 5.4.188, 5.4.189, 5.4.190, 5.4.191, 5.4.192, 5.4.193, 5.4.194, 5.4.195, 5.4.196, 5.4.197, 5.4.198, 5.4.199, 5.4.200, 5.4.201, 5.4.202, 5.4.203, 5.4.204, 5.4.205, 5.4.206, 5.4.207, 5.4.208, 5.4.209, 5.4.210, 5.4.211, 5.4.212, 5.4.213, 5.4.214, 5.4.215, 5.4.216, 5.4.217, 5.4.218, 5.4.219, 5.4.220, 5.4.221, 5.4.222, 5.4.223, 5.4.224, 5.4.225, 5.4.226, 5.4.227, 5.4.228, 5.4.229, 5.4.230, 5.4.231, 5.4.232, 5.4.233, 5.4.234, 5.4.235, 5.4.236, 5.4.237, 5.4.238, 5.4.239, 5.4.240, 5.4.241, 5.4.242, 5.4.243, 5.4.244, 5.4.245, 5.4.246, 5.4.247, 5.4.248, 5.4.249, 5.4.250, 5.4.251, 5.4.252, 5.4.253, 5.4.254, 5.4.255, 5.4.256, 5.4.257, 5.4.258, 5.4.259, 5.4.260, 5.4.261, 5.4.262, 5.4.263, 5.4.264, 5.4.265, 5.4.266, 5.4.267, 5.4.268, 5.4.269, 5.4.270, 5.4.271, 5.4.272, 5.4.273, 5.10, 5.10 rc1, 5.10 rc2, 5.10 rc3, 5.10 rc4, 5.10 rc5, 5.10 rc7, 5.10.1, 5.10.2, 5.10.3, 5.10.4, 5.10.5, 5.10.6, 5.10.7, 5.10.8, 5.10.9, 5.10.10, 5.10.11, 5.10.12, 5.10.13, 5.10.14, 5.10.15, 5.10.16, 5.10.17, 5.10.18, 5.10.19, 5.10.20, 5.10.21, 5.10.22, 5.10.23, 5.10.24, 5.10.25, 5.10.26, 5.10.27, 5.10.28, 5.10.29, 5.10.30, 5.10.31, 5.10.32, 5.10.33, 5.10.34, 5.10.35, 5.10.36, 5.10.37, 5.10.38, 5.10.39, 5.10.40, 5.10.41, 5.10.42, 5.10.43, 5.10.44, 5.10.45, 5.10.46, 5.10.47, 5.10.48, 5.10.49, 5.10.50, 5.10.51, 5.10.52, 5.10.53, 5.10.54, 5.10.55, 5.10.56, 5.10.57, 5.10.58, 5.10.59, 5.10.60, 5.10.61, 5.10.62, 5.10.63, 5.10.64, 5.10.65, 5.10.66, 5.10.67, 5.10.68, 5.10.69, 5.10.70, 5.10.71, 5.10.72, 5.10.73, 5.10.74, 5.10.75, 5.10.76, 5.10.77, 5.10.78, 5.10.79, 5.10.80, 5.10.81, 5.10.82, 5.10.83, 5.10.84, 5.10.85, 5.10.86, 5.10.87, 5.10.88, 5.10.89, 5.10.90, 5.10.91, 5.10.92, 5.10.93, 5.10.94, 5.10.95, 5.10.96, 5.10.97, 5.10.98, 5.10.99, 5.10.100, 5.10.101, 5.10.102, 5.10.103, 5.10.104, 5.10.105, 5.10.106, 5.10.107, 5.10.108, 5.10.109, 5.10.110, 5.10.111, 5.10.112, 5.10.113, 5.10.114, 5.10.115, 5.10.116, 5.10.117, 5.10.118, 5.10.119, 5.10.120, 5.10.121, 5.10.122, 5.10.123, 5.10.124, 5.10.125, 5.10.126, 5.10.127, 5.10.128, 5.10.129, 5.10.130, 5.10.131, 5.10.132, 5.10.133, 5.10.134, 5.10.135, 5.10.136, 5.10.137, 5.10.138, 5.10.139, 5.10.140, 5.10.141, 5.10.142, 5.10.143, 5.10.144, 5.10.145, 5.10.146, 5.10.147, 5.10.148, 5.10.149, 5.10.150, 5.10.151, 5.10.152, 5.10.153, 5.10.154, 5.10.155, 5.10.156, 5.10.157, 5.10.158, 5.10.159, 5.10.160, 5.10.161, 5.10.162, 5.10.163, 5.10.164, 5.10.165, 5.10.166, 5.10.167, 5.10.168, 5.10.169, 5.10.170, 5.10.171, 5.10.172, 5.10.173, 5.10.174, 5.10.175, 5.10.176, 5.10.177, 5.10.178, 5.10.179, 5.10.180, 5.10.181, 5.10.182, 5.10.183, 5.10.184, 5.10.185, 5.10.186, 5.10.187, 5.10.188, 5.10.189, 5.10.190, 5.10.191, 5.10.192, 5.10.193, 5.10.194, 5.10.195, 5.10.196, 5.10.197, 5.10.198, 5.10.199, 5.10.200, 5.10.201, 5.10.202, 5.10.203, 5.10.204, 5.10.205, 5.10.206, 5.10.207, 5.10.208, 5.10.209, 5.10.210, 5.10.211, 5.10.212, 5.10.213, 5.10.214, 5.15, 5.15 rc1, 5.15 rc2, 5.15 rc3, 5.15 rc4, 5.15 rc5, 5.15 rc6, 5.15 rc7, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.15.10, 5.15.11, 5.15.12, 5.15.13, 5.15.14, 5.15.15, 5.15.16, 5.15.17, 5.15.18, 5.15.19, 5.15.20, 5.15.21, 5.15.22, 5.15.23, 5.15.24, 5.15.25, 5.15.26, 5.15.27, 5.15.28, 5.15.29, 5.15.30, 5.15.31, 5.15.32, 5.15.33, 5.15.34, 5.15.35, 5.15.36, 5.15.37, 5.15.38, 5.15.39, 5.15.40, 5.15.41, 5.15.42, 5.15.43, 5.15.44, 5.15.45, 5.15.46, 5.15.47, 5.15.48, 5.15.49, 5.15.50, 5.15.51, 5.15.52, 5.15.53, 5.15.54, 5.15.55, 5.15.56, 5.15.57, 5.15.58, 5.15.59, 5.15.60, 5.15.61, 5.15.62, 5.15.63, 5.15.64, 5.15.65, 5.15.66, 5.15.67, 5.15.68, 5.15.69, 5.15.70, 5.15.71, 5.15.72, 5.15.73, 5.15.74, 5.15.75, 5.15.76, 5.15.77, 5.15.78, 5.15.79, 5.15.80, 5.15.81, 5.15.82, 5.15.83, 5.15.84, 5.15.85, 5.15.86, 5.15.87, 5.15.88, 5.15.89, 5.15.90, 5.15.91, 5.15.92, 5.15.93, 5.15.94, 5.15.95, 5.15.96, 5.15.97, 5.15.98, 5.15.99, 5.15.100, 5.15.101, 5.15.102, 5.15.103, 5.15.104, 5.15.105, 5.15.106, 5.15.107, 5.15.108, 5.15.109, 5.15.110, 5.15.111, 5.15.112, 5.15.113, 5.15.114, 5.15.115, 5.15.116, 5.15.117, 5.15.118, 5.15.119, 5.15.120, 5.15.121, 5.15.122, 5.15.123, 5.15.124, 5.15.125, 5.15.126, 5.15.127, 5.15.128, 5.15.129, 5.15.130, 5.15.131, 5.15.132, 5.15.133, 5.15.134, 5.15.135, 5.15.136, 5.15.137, 5.15.138, 5.15.139, 5.15.140, 5.15.141, 5.15.142, 5.15.143, 5.15.144, 5.15.145, 5.15.146, 5.15.147, 5.15.148, 5.15.149, 5.15.150, 5.15.151, 5.15.152, 5.15.153, 6.1, 6.1 rc1, 6.1 rc3, 6.1 rc7, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26, 6.1.27, 6.1.28, 6.1.29, 6.1.30, 6.1.31, 6.1.32, 6.1.33, 6.1.34, 6.1.35, 6.1.36, 6.1.37, 6.1.38, 6.1.39, 6.1.40, 6.1.41, 6.1.42, 6.1.43, 6.1.44, 6.1.45, 6.1.46, 6.1.47, 6.1.48, 6.1.49, 6.1.50, 6.1.51, 6.1.52, 6.1.53, 6.1.54, 6.1.55, 6.1.56, 6.1.57, 6.1.58, 6.1.59, 6.1.60, 6.1.61, 6.1.62, 6.1.63, 6.1.64, 6.1.65, 6.1.66, 6.1.67, 6.1.68, 6.1.69, 6.1.70, 6.1.71, 6.1.72, 6.1.73, 6.1.74, 6.1.75, 6.1.76, 6.1.77, 6.1.78, 6.1.79, 6.1.80, 6.1.81, 6.1.82, 6.1.83, 6.1.84, 6.6, 6.6 rc1, 6.6 rc2, 6.6 rc3, 6.6 rc4, 6.6 rc5, 6.6 rc6, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 6.6.13, 6.6.14, 6.6.15, 6.6.16, 6.6.17, 6.6.18, 6.6.19, 6.6.20, 6.6.21, 6.6.22, 6.6.23, 6.6.24, 6.6.25, 6.8, 6.8 rc1, 6.8 rc2, 6.8 rc5, 6.8.1, 6.8.2, 6.8.3, 6.8.4

---

External links
https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007
https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77
https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331
https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8
https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b
https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df
https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859
https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.26
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.5

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.