VYPR
Medium severity5.5NVD Advisory· Published Jul 12, 2024· Updated Jun 17, 2026

CVE-2024-40993

CVE-2024-40993

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: Fix suspicious rcu_dereference_protected()

When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in ip_set_dereference() (nfnetlink mutex is held), but the former was not. The patch adds the required check to rcu_dereference_protected() in ip_set_dereference().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Linux/Kernel6 versions
    cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.1.95:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.6.35:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:6.9.6:*:*:*:*:*:*:*
    • (no CPE)
    • (no CPE)range: 6.1.95
  • osv-coords
    Range: >= 6.1.95, < 6.1.96

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.