{"vulnerability": "CVE-2024-50257", "sightings": [{"uuid": "490cef18-9371-4a5e-8f5f-527c12ae04d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50257", "type": "seen", "source": "https://t.me/cvedetector/10314", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50257 - Apache Netfilter netfilter Use-After-Free (UAF) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50257 \nPublished : Nov. 9, 2024, 11:15 a.m. | 40\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnetfilter: Fix use-after-free in get_info()  \n  \nip6table_nat module unload has refcnt warning for UAF. call trace is:  \n  \nWARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80  \nModules linked in: ip6table_nat(-)  \nCPU: 1 UID: 0 PID: 379 Comm: ip6tables Not tainted 6.12.0-rc4-00047-gc2ee9f594da8-dirty #205  \nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),  \nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014  \nRIP: 0010:module_put+0x6f/0x80  \nCall Trace:  \n   \n get_info+0x128/0x180  \n do_ip6t_get_ctl+0x6a/0x430  \n nf_getsockopt+0x46/0x80  \n ipv6_getsockopt+0xb9/0x100  \n rawv6_getsockopt+0x42/0x190  \n do_sock_getsockopt+0xaa/0x180  \n __sys_getsockopt+0x70/0xc0  \n __x64_sys_getsockopt+0x20/0x30  \n do_syscall_64+0xa2/0x1a0  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nConcurrent execution of module unload and get_info() trigered the warning.  \nThe root cause is as follows:  \n  \ncpu0          cpu1  \nmodule_exit  \n//mod->state = MODULE_STATE_GOING  \n  ip6table_nat_exit  \n    xt_unregister_template  \n kfree(t)  \n //removed from templ_list  \n          getinfo()  \n       t = xt_find_table_lock  \n      list_for_each_entry(tmpl, &xt_templates[af]...)  \n       if (strcmp(tmpl->name, name))  \n        continue;  //table not found  \n       try_module_get  \n      list_for_each_entry(t, &xt_net->tables[af]...)  \n       return t;  //not get refcnt  \n       module_put(t->me) //uaf  \n    unregister_pernet_subsys  \n    //remove table from xt_net list  \n  \nWhile xt_table module was going away and has been removed from  \nxt_templates list, we couldnt get refcnt of xt_table->me. Check  \nmodule in xt_net->tables list re-traversal to fix it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-09T13:17:33.000000Z"}, {"uuid": "d46a61df-87c5-4470-8fb9-93375b1e1b96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50257", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113453136723760485", "content": "", "creation_timestamp": "2024-11-09T13:04:42.622869Z"}]}