Publish CVE-2024-26581

Allocated to 60c0c230c6f0 ("netfilter: nft_set_rbtree: skip end interval element from gc")

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

4 files changed, 177 insertions, 0 deletions

diff --git a/cve/reserved/2024/CVE-2024-26581 b/cve/published/2024/CVE-2024-26581
index e69de29b..e69de29b 100644
--- a/cve/reserved/2024/CVE-2024-26581
+++ b/cve/published/2024/CVE-2024-26581
diff --git a/cve/published/2024/CVE-2024-26581.json b/cve/published/2024/CVE-2024-26581.json
new file mode 100644
index 00000000..607445e9
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26581.json
@@ -0,0 +1,108 @@
+{
+   "containers": {
+      "cna": {
+         "providerMetadata": {
+            "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+         },
+         "descriptions": [
+            {
+               "lang": "en",
+               "value": "netfilter: nft_set_rbtree: skip end interval element from gc\n\nrbtree lazy gc on insert might collect an end interval element that has\nbeen just added in this transactions, skip end interval elements that\nare not yet active."
+            }
+         ],
+         "affected": [
+            {
+               "product": "Linux",
+               "vendor": "Linux",
+               "defaultStatus": "unaffected",
+               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+               "versions": [
+                  {
+                     "version": "89a4d1a89751",
+                     "lessThan": "1296c110c5a0",
+                     "status": "affected",
+                     "versionType": "git"
+                  },
+                  {
+                     "version": "f718863aca46",
+                     "lessThan": "b734f7a47aeb",
+                     "status": "affected",
+                     "versionType": "git"
+                  },
+                  {
+                     "version": "f718863aca46",
+                     "lessThan": "6eb14441f106",
+                     "status": "affected",
+                     "versionType": "git"
+                  },
+                  {
+                     "version": "f718863aca46",
+                     "lessThan": "60c0c230c6f0",
+                     "status": "affected",
+                     "versionType": "git"
+                  }
+               ]
+            },
+            {
+               "product": "Linux",
+               "vendor": "Linux",
+               "defaultStatus": "affected",
+               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+               "versions": [
+                  {
+                     "version": "6.1.78",
+                     "lessThanOrEqual": "6.1.*",
+                     "status": "unaffected",
+                     "versionType": "custom"
+                  },
+                  {
+                     "version": "6.6.17",
+                     "lessThanOrEqual": "6.6.*",
+                     "status": "unaffected",
+                     "versionType": "custom"
+                  },
+                  {
+                     "version": "6.7.5",
+                     "lessThanOrEqual": "6.7.*",
+                     "status": "unaffected",
+                     "versionType": "custom"
+                  },
+                  {
+                     "version": "6.8-rc4",
+                     "lessThanOrEqual": "*",
+                     "status": "unaffected",
+                     "versionType": "original_commit_for_fix"
+                  }
+               ]
+            }
+         ],
+         "references": [
+            {
+               "url": "https://git.kernel.org/stable/c/1296c110c5a0"
+            },
+            {
+               "url": "https://git.kernel.org/stable/c/b734f7a47aeb"
+            },
+            {
+               "url": "https://git.kernel.org/stable/c/6eb14441f106"
+            },
+            {
+               "url": "https://git.kernel.org/stable/c/60c0c230c6f0"
+            }
+         ],
+         "title": "netfilter: nft_set_rbtree: skip end interval element from gc",
+         "x_generator": {
+            "engine": "bippy-c4875b56942e"
+         }
+      }
+   },
+   "cveMetadata": {
+      "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+      "cveID": "CVE-2024-26581",
+      "requesterUserId": "gregkh@linuxfoundation.org",
+      "serial": "1",
+      "state": "PUBLISHED"
+   },
+   "dataType": "CVE_RECORD",
+   "dataVersion": "5.0"
+}
diff --git a/cve/published/2024/CVE-2024-26581.mbox b/cve/published/2024/CVE-2024-26581.mbox
new file mode 100644
index 00000000..c5046ccd
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26581.mbox
@@ -0,0 +1,68 @@
+From bippy-c4875b56942e Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>
+Subject: CVE-2024-26581: netfilter: nft_set_rbtree: skip end interval element from gc
+Message-Id: <2024022024-uniquely-recluse-d893@gregkh>
+Content-Length: 1934
+Lines: 51
+X-Developer-Signature: v=1; a=openpgp-sha256; l=1986;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=nc9n0/q8tE3oocpl3x3A7dFNN6A/+fr4plOq63aQZiY=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDKlXFjI4lDdqb7G3Wn42c0bUip/Kz3Xc2zYV/V58TqkgU
+ S8rPdimI5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACZSzcowz6o4f2NURMi1GTKL
+ tCZErb5Zo8DVyDBPx/1g0QaRx1tWG9rXO8xcdqb41QcBAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+netfilter: nft_set_rbtree: skip end interval element from gc
+
+rbtree lazy gc on insert might collect an end interval element that has
+been just added in this transactions, skip end interval elements that
+are not yet active.
+
+The Linux kernel CVE team has assigned CVE-2024-26581 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+	Issue introduced in 6.1.43 with commit 89a4d1a89751 and fixed in 6.1.78 with commit 1296c110c5a0
+	Issue introduced in 6.5 with commit f718863aca46 and fixed in 6.6.17 with commit b734f7a47aeb
+	Issue introduced in 6.5 with commit f718863aca46 and fixed in 6.7.5 with commit 6eb14441f106
+	Issue introduced in 6.5 with commit f718863aca46 and fixed in 6.8-rc4 with commit 60c0c230c6f0
+
+Please see https://www.kernel.org or a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions.  The official CVE entry at
+	https://cve.org/CVERecord/?id=CVE-2024-26581
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+	net/netfilter/nft_set_rbtree.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes.  Individual
+changes are never tested alone, but rather are part of a larger kernel
+release.  Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all.  If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+	https://git.kernel.org/stable/c/1296c110c5a0
+	https://git.kernel.org/stable/c/b734f7a47aeb
+	https://git.kernel.org/stable/c/6eb14441f106
+	https://git.kernel.org/stable/c/60c0c230c6f0
diff --git a/cve/published/2024/CVE-2024-26581.sha1 b/cve/published/2024/CVE-2024-26581.sha1
new file mode 100644
index 00000000..e37d9155
--- /dev/null
+++ b/cve/published/2024/CVE-2024-26581.sha1
@@ -0,0 +1 @@
+60c0c230c6f046da536d3df8b39a20b9a9fd6af0