VYPR
Unrated severityNVD Advisory· Published Apr 4, 2024· Updated May 4, 2025

netfilter: nft_set_pipapo: release elements in clone only from destroy path

CVE-2024-26809

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: release elements in clone only from destroy path

Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice.

This fix requires:

212ed75dc5fb ("netfilter: nf_tables: integrate pipapo into commit protocol")

which came after:

9827a0e6e23b ("netfilter: nft_set_pipapo: release elements in clone from abort path").

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

54

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.