{
  "threat_severity" : "Moderate",
  "public_date" : "2024-06-21T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()",
    "id" : "2293711",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2293711"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-667",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()\nsyzbot reported that nf_reinject() could be called without rcu_read_lock() :\nWARNING: suspicious RCU usage\n6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted\nnet/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!\nother info that might help us debug this:\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by syz-executor.4/13427:\n#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]\n#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]\n#0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471\n#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]\n#1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172\nstack backtrace:\nCPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nCall Trace:\n<IRQ>\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\nlockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\nnf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]\nnfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397\nnfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]\ninstance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172\nrcu_do_batch kernel/rcu/tree.c:2196 [inline]\nrcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471\nhandle_softirqs+0x2d6/0x990 kernel/softirq.c:554\n__do_softirq kernel/softirq.c:588 [inline]\ninvoke_softirq kernel/softirq.c:428 [inline]\n__irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637\nirq_exit_rcu+0x9/0x30 kernel/softirq.c:649\ninstr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\nsysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n</IRQ>\n<TASK>" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-08-08T00:00:00Z",
    "advisory" : "RHSA-2024:5102",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.16.1.rt7.357.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-08-08T00:00:00Z",
    "advisory" : "RHSA-2024:5101",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.16.1.el8_10"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-36286\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36286\nhttps://lore.kernel.org/linux-cve-announce/2024062135-CVE-2024-36286-ebd5@gregkh/T" ],
  "name" : "CVE-2024-36286",
  "csaw" : false
}