Vulnerability Database

320,116

Total vulnerabilities in the database

CVE-2024-26925

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path

The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence.

nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called.

  • Published: Apr 25, 2024
  • Updated: Dec 24, 2025
  • CVE: CVE-2024-26925
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 4.19.316 4.20
linux / linux_kernel 5.4.262 5.4.274
linux / linux_kernel 5.10.198 5.10.215
linux / linux_kernel 5.15.134 5.15.155
linux / linux_kernel 6.1.56 6.1.86
linux / linux_kernel 6.4.13 6.5
linux / linux_kernel 6.5.1 6.6.26
linux / linux_kernel 6.7 6.8.5
linux / linux_kernel 6.5 6.5.x
linux / linux_kernel 6.9-rc1 6.9-rc1.x
linux / linux_kernel 6.9-rc2 6.9-rc2.x
debian / debian_linux 10.0 10.0.x