In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcu_dereference_protected() When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in ip_set_dereference() (nfnetlink mutex is held), but the former was not. The patch adds the required check to rcu_dereference_protected() in ip_set_dereference().
| Product | Vendor | Version |
|---|---|---|
| Linux | Linux | 7.0.9 |
| Linux | Linux | n/a |
| Linux | Linux | 10 Version 1709 for ARM64-based Systems |
| Linux | Linux | 2008 R2 for Itanium-Based Systems Service Pack 1 |