[LTS 9.2] CVE-2024-26585, CVE-2024-26668 #623

pvts-mat · 2025-10-14T15:59:01Z

[LTS 9.2]
CVE-2024-26581 VULN-8184
CVE-2024-26585 VULN-8187
CVE-2024-26668 VULN-8197

Commits

CVE-2024-26581

The bug doesn't apply to Rocky Linux LTS 9.2

The patch deals with how the nft_rbtree_gc_elem(…) is called. It fixes the change in f718863 (1), which is not present in ciqlts9_2 history. The function nft_rbtree_gc_elem(…) itself was introduced in c9e6978 (2) which is missing from ciqlts9_2 history either. From c9e6978's message:

Moreover, perform garbage collection of expired elements when walking
down the node list to avoid bogus overlap reports.

It doesn't have any equivalent in the older versions, as it is associated with the changes to the __nft_rbtree_insert(…) introduced in c9e6978 (2) (the only usage of ~nft_rbtree_gc_elem(…)). See the comparative timeline of the affected file net/netfilter/nft_set_rbtree.c:

   kernel-mainline                                                                                             ciqlts9_2               linux-5.15.y            
   ----------------------------------------------------------------------------------------------------------  ----------------------  ----------------------  
   8d738c186 2025-01-19 netfilter: nf_tables: fix set size with rbtree backend                                                                                 
   e79b47a86 2024-04-17 netfilter: nf_tables: restore set elements when delete set fails                                                                       
0> 60c0c230c 2024-02-08 netfilter: nft_set_rbtree: skip end interval element from gc                                                   ~ 2bab493a5 2024-02-23  
   7395dfacf 2024-02-08 netfilter: nf_tables: use timestamp to check for set element timeout                                           ~ 0d40e8cb1 2024-08-19  
   67059b615 2023-11-14 netfilter: nft_set_rbtree: Remove unused variable nft_net                                                                              
   078996fcd 2023-10-24 netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST                                                    
   0e1ea651c 2023-10-24 netfilter: nf_tables: shrink memory consumption of set elements                                                                        
   9dad402b8 2023-10-24 netfilter: nf_tables: expose opaque set element as struct nft_elem_priv                                                                
   6509a2e41 2023-10-24 netfilter: nf_tables: set backend .flush always succeeds                                                                               
   7d259f021 2023-10-24 netfilter: nft_set_rbtree: prefer sync gc to async worker                                                                              
   8079fc30f 2023-10-24 netfilter: nft_set_rbtree: rename gc deactivate+erase function                                                                         
   d111692a5 2023-10-18 netfilter: nft_set_rbtree: .deactivate fails if element has expired                                            ~ db3372069 2023-10-25  
   087388278 2023-10-04 netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure                                           ~ a4b9bbd1d 2023-10-10  
   4a9e12ea7 2023-09-08 netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC                                       ~ 949369f9f 2023-10-06  
   96b33300f 2023-09-08 netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention                                      ~ 2e6846b61 2023-10-06  
   2ee52ae94 2023-09-06 netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction                                   ~ 9af7dfb3c 2023-10-06  
   8e51830e2 2023-08-23 netfilter: nf_tables: defer gc run if previous batch is still pending                                          ~ 9366966ca 2023-10-06  
   f6c383b8c 2023-08-10 netfilter: nf_tables: adapt set backend to use GC transaction API                                              ~ 479a2cf52 2023-10-06  
   24138933b 2023-08-09 netfilter: nf_tables: don't skip expired elements during walk                                                  ~ 7c7e658a3 2023-10-06  
1> f718863ac 2023-07-26 netfilter: nft_set_rbtree: fix overlap expiration walk                                                         ~ 50cbb9d19 2023-08-03  
   628bd3e49 2023-06-20 netfilter: nf_tables: drop map element references from preparation phase                                       ~ 25aa2ad37 2023-07-23  
   61ae320a2 2023-05-17 netfilter: nft_set_rbtree: fix null deref on element insertion                                                 ~ ec5caa765 2023-05-24  
   5d235d6ce 2023-01-23 netfilter: nft_set_rbtree: skip elements in transaction from garbage collection                                ~ 8a1359560 2023-02-01  
2> c9e6978e2 2023-01-23 netfilter: nft_set_rbtree: Switch to node list walk for overlap detection                                      ~ 2bf1435fa 2023-02-01  
   babc3dc95 2022-04-22 netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion   ~ e68e7ee6e 2022-04-29  ~ c2a69ac00 2022-05-09  
   f227925e5 2021-05-29 netfilter: nf_tables: prefer direct calls for set lookups                              = f227925e5 2021-05-29  = f227925e5 2021-05-29  
   aaa31047a 2021-04-27 netfilter: nftables: add catch-all set element support                                 = aaa31047a 2021-04-27  = aaa31047a 2021-04-27  
   072676304 2020-08-21 netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match            = 072676304 2020-08-21  = 072676304 2020-08-21  
   226a88de4 2020-08-21 netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection      = 226a88de4 2020-08-21  = 226a88de4 2020-08-21  
   b901892b5 2020-07-29 netfilter: nft_set_rbtree: Use sequence counter with associated rwlock                 = b901892b5 2020-07-29  = b901892b5 2020-07-29  
   …

CVE-2024-26585

bce037a:

tls: fix race between tx work scheduling and socket close

jira VULN-8187
cve CVE-2024-26585
commit-author Jakub Kicinski <[email protected]>
commit e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb
upstream-diff No actual difference from the upstream patch, but required
  manual conflicts resolution due to differences in neighbouring code

CVE-2024-26668

16e1adf:

netfilter: nft_limit: reject configurations that cause integer overflow

jira VULN-8197
cve CVE-2024-26668
commit-author Florian Westphal <[email protected]>
commit c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa
upstream-diff Used `limit' struct instead of `priv' because of missing
  369b6cb5d391750fc01ce951c2500281d2975705. Also added casts to `u64'
  where appropriate as inspired by the RH's LTS 9.4 backport of this patch
  embedded in 270e20bbcd9bb76345ba0cb966a1a070960bffb9.

kABI check: passed

$ DEBUG=1 CVE=CVE-batch-9 ./ninja.sh _kabi_check_kernel__x86_64--test--ciqlts9_2-CVE-batch-9

…
[1/2] kabi_check_kernel	Check ABI of kernel [ciqlts9_2-CVE-batch-9]	_kabi_check_kernel__x86_64--test--ciqlts9_2-CVE-batch-9
++ uname -m
+ python3 /data/src/ctrliq-github-haskell/kernel-dist-git-el-9.2/SOURCES/check-kabi -k /data/src/ctrliq-github-haskell/kernel-dist-git-el-9.2/SOURCES/Module.kabi_x86_64 -s vms/x86_64--build--ciqlts9_2/build_files/kernel-src-tree-ciqlts9_2-CVE-batch-9/Module.symvers
kABI check passed
+ touch state/kernels/ciqlts9_2-CVE-batch-9/x86_64/kabi_checked

Boot test: passed

boot-test.log

Kselftests: passed relative

Reference

kselftests–ciqlts9_2–run1.log
kselftests–ciqlts9_2–run2.log

Patch

kselftests–ciqlts9_2-CVE-batch-9–run1.log
kselftests–ciqlts9_2-CVE-batch-9–run2.log

Comparison

The tests results for the reference and the patch are the same.

$ ktests.xsh diff  kselftests*.log

Column    File
--------  -------------------------------------------
Status0   kselftests--ciqlts9_2--run1.log
Status1   kselftests--ciqlts9_2--run2.log
Status2   kselftests--ciqlts9_2-CVE-batch-9--run1.log
Status3   kselftests--ciqlts9_2-CVE-batch-9--run2.log

TestCase                                               Status0  Status1  Status2  Status3  Summary
bpf:test_bpftool.sh                                    pass     pass     pass     pass     same
bpf:test_bpftool_build.sh                              pass     pass     pass     pass     same
bpf:test_bpftool_metadata.sh                           pass     pass     pass     pass     same
bpf:test_cgroup_storage                                pass     pass     pass     pass     same
bpf:test_doc_build.sh                                  pass     pass     pass     pass     same
bpf:test_flow_dissector.sh                             fail     fail     fail     fail     same
bpf:test_lirc_mode2.sh                                 pass     pass     pass     pass     same
bpf:test_lpm_map                                       pass     pass     pass     pass     same
bpf:test_lru_map                                       pass     pass     pass     pass     same
bpf:test_lwt_ip_encap.sh                               pass     pass     pass     pass     same
bpf:test_lwt_seg6local.sh                              pass     pass     pass     pass     same
bpf:test_offload.py                                    fail     fail     fail     fail     same
bpf:test_sock                                          pass     pass     pass     pass     same
bpf:test_sock_addr.sh                                  pass     pass     pass     pass     same
bpf:test_sysctl                                        pass     pass     pass     pass     same
bpf:test_tag                                           pass     pass     pass     pass     same
bpf:test_tc_edt.sh                                     pass     pass     pass     pass     same
bpf:test_tc_tunnel.sh                                  fail     fail     fail     fail     same
bpf:test_tcp_check_syncookie.sh                        pass     pass     pass     pass     same
bpf:test_tcpnotify_user                                pass     pass     pass     pass     same
bpf:test_tunnel.sh                                     fail     fail     fail     fail     same
bpf:test_verifier                                      fail     fail     fail     fail     same
bpf:test_xdp_meta.sh                                   pass     pass     pass     pass     same
bpf:test_xdp_redirect.sh                               pass     pass     pass     pass     same
bpf:test_xdp_redirect_multi.sh                         pass     pass     pass     pass     same
bpf:test_xdp_veth.sh                                   pass     pass     pass     pass     same
bpf:test_xdp_vlan_mode_generic.sh                      pass     pass     pass     pass     same
bpf:test_xdp_vlan_mode_native.sh                       pass     pass     pass     pass     same
bpf:test_xdping.sh                                     pass     pass     pass     pass     same
breakpoints:breakpoint_test                            pass     pass     pass     pass     same
capabilities:test_execve                               pass     pass     pass     pass     same
cgroup:test_core                                       fail     fail     fail     fail     same
cgroup:test_cpuset_prs.sh                              pass     pass     pass     pass     same
cgroup:test_kill                                       pass     pass     pass     pass     same
cgroup:test_kmem                                       pass     pass     pass     pass     same
cgroup:test_stress.sh                                  fail     fail     fail     fail     same
clone3:clone3                                          pass     pass     pass     pass     same
clone3:clone3_cap_checkpoint_restore                   pass     pass     pass     pass     same
clone3:clone3_clear_sighand                            pass     pass     pass     pass     same
clone3:clone3_set_tid                                  pass     pass     pass     pass     same
core:close_range_test                                  pass     pass     pass     pass     same
cpu-hotplug:cpu-on-off-test.sh                         pass     pass     pass     pass     same
cpufreq:main.sh                                        fail     fail     fail     fail     same
drivers/dma-buf:udmabuf                                pass     pass     pass     pass     same
drivers/net/bonding:bond-arp-interval-causes-panic.sh  pass     pass     pass     pass     same
drivers/net/bonding:bond-break-lacpdu-tx.sh            pass     pass     pass     pass     same
drivers/net/bonding:bond-lladdr-target.sh              pass     pass     pass     pass     same
drivers/net/bonding:dev_addr_lists.sh                  pass     pass     pass     pass     same
drivers/net/bonding:mode-1-recovery-updelay.sh         pass     pass     pass     pass     same
drivers/net/bonding:mode-2-recovery-updelay.sh         pass     pass     pass     pass     same
drivers/net/team:dev_addr_lists.sh                     pass     pass     pass     pass     same
filesystems/binderfs:binderfs_test                     fail     fail     fail     fail     same
firmware:fw_run_tests.sh                               skip     skip     skip     skip     same
fpu:run_test_fpu.sh                                    skip     skip     skip     skip     same
fpu:test_fpu                                           pass     pass     pass     pass     same
ftrace:ftracetest                                      fail     fail     fail     fail     same
futex:run.sh                                           pass     pass     pass     pass     same
gpio:gpio-mockup.sh                                    fail     fail     fail     fail     same
intel_pstate:run.sh                                    pass     pass     pass     pass     same
ipc:msgque                                             pass     pass     pass     pass     same
ir:ir_loopback.sh                                      skip     skip     skip     skip     same
kcmp:kcmp_test                                         pass     pass     pass     pass     same
kexec:test_kexec_file_load.sh                          skip     skip     skip     skip     same
kexec:test_kexec_load.sh                               skip     skip     skip     skip     same
kvm:access_tracking_perf_test                          pass     pass     pass     pass     same
kvm:amx_test                                           fail     fail     fail     fail     same
kvm:cpuid_test                                         fail     fail     fail     fail     same
kvm:cr4_cpuid_sync_test                                fail     fail     fail     fail     same
kvm:debug_regs                                         fail     fail     fail     fail     same
kvm:demand_paging_test                                 pass     pass     pass     pass     same
kvm:dirty_log_perf_test                                pass     pass     pass     pass     same
kvm:dirty_log_test                                     fail     fail     fail     fail     same
kvm:emulator_error_test                                fail     fail     fail     fail     same
kvm:evmcs_test                                         fail     fail     fail     fail     same
kvm:fix_hypercall_test                                 fail     fail     fail     fail     same
kvm:get_msr_index_features                             fail     fail     fail     fail     same
kvm:hardware_disable_test                              pass     pass     pass     pass     same
kvm:hyperv_clock                                       fail     fail     fail     fail     same
kvm:hyperv_cpuid                                       fail     fail     fail     fail     same
kvm:hyperv_features                                    fail     fail     fail     fail     same
kvm:hyperv_svm_test                                    fail     fail     fail     fail     same
kvm:kvm_binary_stats_test                              pass     pass     pass     pass     same
kvm:kvm_clock_test                                     fail     fail     fail     fail     same
kvm:kvm_create_max_vcpus                               pass     pass     pass     pass     same
kvm:kvm_page_table_test                                pass     pass     pass     pass     same
kvm:kvm_pv_test                                        fail     fail     fail     fail     same
kvm:max_guest_memory_test                              pass     pass     pass     pass     same
kvm:max_vcpuid_cap_test                                fail     fail     fail     fail     same
kvm:memslot_modification_stress_test                   pass     pass     pass     pass     same
kvm:memslot_perf_test                                  pass     pass     pass     pass     same
kvm:mmio_warning_test                                  fail     fail     fail     fail     same
kvm:monitor_mwait_test                                 fail     fail     fail     fail     same
kvm:nx_huge_pages_test.sh                              fail     fail     fail     fail     same
kvm:platform_info_test                                 fail     fail     fail     fail     same
kvm:pmu_event_filter_test                              fail     fail     fail     fail     same
kvm:rseq_test                                          fail     fail     fail     fail     same
kvm:set_boot_cpu_id                                    fail     fail     fail     fail     same
kvm:set_memory_region_test                             pass     pass     pass     pass     same
kvm:set_sregs_test                                     fail     fail     fail     fail     same
kvm:sev_migrate_tests                                  fail     fail     fail     fail     same
kvm:smm_test                                           fail     fail     fail     fail     same
kvm:state_test                                         fail     fail     fail     fail     same
kvm:steal_time                                         pass     pass     pass     pass     same
kvm:svm_int_ctl_test                                   fail     fail     fail     fail     same
kvm:svm_nested_soft_inject_test                        fail     fail     fail     fail     same
kvm:svm_vmcall_test                                    fail     fail     fail     fail     same
kvm:sync_regs_test                                     fail     fail     fail     fail     same
kvm:system_counter_offset_test                         pass     pass     pass     pass     same
kvm:triple_fault_event_test                            fail     fail     fail     fail     same
kvm:tsc_msrs_test                                      fail     fail     fail     fail     same
kvm:tsc_scaling_sync                                   fail     fail     fail     fail     same
kvm:ucna_injection_test                                fail     fail     fail     fail     same
kvm:userspace_io_test                                  fail     fail     fail     fail     same
kvm:userspace_msr_exit_test                            fail     fail     fail     fail     same
kvm:vmx_apic_access_test                               fail     fail     fail     fail     same
kvm:vmx_close_while_nested_test                        fail     fail     fail     fail     same
kvm:vmx_dirty_log_test                                 fail     fail     fail     fail     same
kvm:vmx_exception_with_invalid_guest_state             fail     fail     fail     fail     same
kvm:vmx_invalid_nested_guest_state                     fail     fail     fail     fail     same
kvm:vmx_msrs_test                                      fail     fail     fail     fail     same
kvm:vmx_nested_tsc_scaling_test                        fail     fail     fail     fail     same
kvm:vmx_pmu_caps_test                                  fail     fail     fail     fail     same
kvm:vmx_preemption_timer_test                          fail     fail     fail     fail     same
kvm:vmx_set_nested_state_test                          fail     fail     fail     fail     same
kvm:vmx_tsc_adjust_test                                fail     fail     fail     fail     same
kvm:xapic_ipi_test                                     fail     fail     fail     fail     same
kvm:xapic_state_test                                   fail     fail     fail     fail     same
kvm:xen_shinfo_test                                    fail     fail     fail     fail     same
kvm:xen_vmcall_test                                    fail     fail     fail     fail     same
kvm:xss_msr_test                                       fail     fail     fail     fail     same
landlock:base_test                                     fail     fail     fail     fail     same
landlock:fs_test                                       fail     fail     fail     fail     same
landlock:ptrace_test                                   fail     fail     fail     fail     same
lib:bitmap.sh                                          skip     skip     skip     skip     same
lib:prime_numbers.sh                                   skip     skip     skip     skip     same
lib:printf.sh                                          skip     skip     skip     skip     same
lib:scanf.sh                                           skip     skip     skip     skip     same
lib:strscpy.sh                                         skip     skip     skip     skip     same
livepatch:test-callbacks.sh                            skip     skip     skip     skip     same
livepatch:test-ftrace.sh                               skip     skip     skip     skip     same
livepatch:test-livepatch.sh                            skip     skip     skip     skip     same
livepatch:test-shadow-vars.sh                          skip     skip     skip     skip     same
livepatch:test-state.sh                                skip     skip     skip     skip     same
membarrier:membarrier_test_multi_thread                pass     pass     pass     pass     same
membarrier:membarrier_test_single_thread               pass     pass     pass     pass     same
memfd:memfd_test                                       pass     pass     pass     pass     same
memfd:run_fuse_test.sh                                 pass     pass     pass     pass     same
memfd:run_hugetlbfs_test.sh                            pass     pass     pass     pass     same
memory-hotplug:mem-on-off-test.sh                      pass     pass     pass     pass     same
mincore:mincore_selftest                               fail     fail     fail     fail     same
mount:run_nosymfollow.sh                               pass     pass     pass     pass     same
mount:run_unprivileged_remount.sh                      pass     pass     pass     pass     same
mqueue:mq_open_tests                                   pass     pass     pass     pass     same
mqueue:mq_perf_tests                                   pass     pass     pass     pass     same
nci:nci_dev                                            fail     fail     fail     fail     same
net/forwarding:bridge_locked_port.sh                   pass     pass     pass     pass     same
net/forwarding:bridge_mld.sh                           fail     fail     fail     fail     same
net/forwarding:bridge_port_isolation.sh                pass     pass     pass     pass     same
net/forwarding:bridge_sticky_fdb.sh                    pass     pass     pass     pass     same
net/forwarding:bridge_vlan_aware.sh                    fail     fail     fail     fail     same
net/forwarding:bridge_vlan_mcast.sh                    fail     fail     fail     fail     same
net/forwarding:bridge_vlan_unaware.sh                  pass     pass     pass     pass     same
net/forwarding:custom_multipath_hash.sh                fail     fail     fail     fail     same
net/forwarding:ethtool.sh                              fail     fail     fail     fail     same
net/forwarding:ethtool_extended_state.sh               fail     fail     fail     fail     same
net/forwarding:gre_custom_multipath_hash.sh            fail     fail     fail     fail     same
net/forwarding:gre_inner_v4_multipath.sh               fail     fail     fail     fail     same
net/forwarding:gre_multipath.sh                        fail     fail     fail     fail     same
net/forwarding:gre_multipath_nh.sh                     fail     fail     fail     fail     same
net/forwarding:gre_multipath_nh_res.sh                 fail     fail     fail     fail     same
net/forwarding:hw_stats_l3.sh                          fail     fail     fail     fail     same
net/forwarding:hw_stats_l3_gre.sh                      fail     fail     fail     fail     same
net/forwarding:ip6_forward_instats_vrf.sh              fail     fail     fail     fail     same
net/forwarding:ip6gre_custom_multipath_hash.sh         fail     fail     fail     fail     same
net/forwarding:ip6gre_flat.sh                          pass     pass     pass     pass     same
net/forwarding:ip6gre_flat_key.sh                      pass     pass     pass     pass     same
net/forwarding:ip6gre_flat_keys.sh                     pass     pass     pass     pass     same
net/forwarding:ip6gre_hier.sh                          pass     pass     pass     pass     same
net/forwarding:ip6gre_hier_key.sh                      pass     pass     pass     pass     same
net/forwarding:ip6gre_hier_keys.sh                     pass     pass     pass     pass     same
net/forwarding:ip6gre_inner_v4_multipath.sh            fail     fail     fail     fail     same
net/forwarding:ip6gre_inner_v6_multipath.sh            fail     fail     fail     fail     same
net/forwarding:ipip_flat_gre.sh                        pass     pass     pass     pass     same
net/forwarding:ipip_flat_gre_key.sh                    pass     pass     pass     pass     same
net/forwarding:ipip_flat_gre_keys.sh                   pass     pass     pass     pass     same
net/forwarding:ipip_hier_gre.sh                        pass     pass     pass     pass     same
net/forwarding:ipip_hier_gre_key.sh                    pass     pass     pass     pass     same
net/forwarding:loopback.sh                             skip     skip     skip     skip     same
net/forwarding:mirror_gre.sh                           fail     fail     fail     fail     same
net/forwarding:mirror_gre_bound.sh                     pass     pass     pass     pass     same
net/forwarding:mirror_gre_bridge_1d.sh                 pass     pass     pass     pass     same
net/forwarding:mirror_gre_bridge_1q.sh                 pass     pass     pass     pass     same
net/forwarding:mirror_gre_bridge_1q_lag.sh             pass     pass     pass     pass     same
net/forwarding:mirror_gre_changes.sh                   fail     fail     fail     fail     same
net/forwarding:mirror_gre_flower.sh                    fail     fail     fail     fail     same
net/forwarding:mirror_gre_lag_lacp.sh                  pass     pass     pass     pass     same
net/forwarding:mirror_gre_neigh.sh                     pass     pass     pass     pass     same
net/forwarding:mirror_gre_nh.sh                        pass     pass     pass     pass     same
net/forwarding:mirror_gre_vlan.sh                      pass     pass     pass     pass     same
net/forwarding:mirror_vlan.sh                          pass     pass     pass     pass     same
net/forwarding:pedit_dsfield.sh                        pass     pass     pass     pass     same
net/forwarding:pedit_ip.sh                             pass     pass     pass     pass     same
net/forwarding:pedit_l4port.sh                         pass     pass     pass     pass     same
net/forwarding:q_in_vni_ipv6.sh                        pass     pass     pass     pass     same
net/forwarding:router.sh                               skip     skip     skip     skip     same
net/forwarding:router_bridge.sh                        pass     pass     pass     pass     same
net/forwarding:router_bridge_vlan.sh                   pass     pass     pass     pass     same
net/forwarding:router_broadcast.sh                     pass     pass     pass     pass     same
net/forwarding:router_mpath_nh.sh                      fail     fail     fail     fail     same
net/forwarding:router_mpath_nh_res.sh                  fail     fail     fail     fail     same
net/forwarding:router_multicast.sh                     skip     skip     skip     skip     same
net/forwarding:router_multipath.sh                     fail     fail     fail     fail     same
net/forwarding:router_nh.sh                            pass     pass     pass     pass     same
net/forwarding:router_vid_1.sh                         pass     pass     pass     pass     same
net/forwarding:skbedit_priority.sh                     pass     pass     pass     pass     same
net/forwarding:tc_chains.sh                            pass     pass     pass     pass     same
net/forwarding:tc_flower.sh                            pass     pass     pass     pass     same
net/forwarding:tc_flower_router.sh                     pass     pass     pass     pass     same
net/forwarding:tc_mpls_l2vpn.sh                        pass     pass     pass     pass     same
net/forwarding:tc_shblocks.sh                          pass     pass     pass     pass     same
net/forwarding:tc_vlan_modify.sh                       pass     pass     pass     pass     same
net/forwarding:vxlan_asymmetric.sh                     pass     pass     pass     pass     same
net/forwarding:vxlan_asymmetric_ipv6.sh                pass     pass     pass     pass     same
net/forwarding:vxlan_bridge_1d.sh                      fail     fail     fail     fail     same
net/forwarding:vxlan_bridge_1d_port_8472.sh            pass     pass     pass     pass     same
net/forwarding:vxlan_bridge_1d_port_8472_ipv6.sh       fail     fail     fail     fail     same
net/forwarding:vxlan_bridge_1q.sh                      fail     fail     fail     fail     same
net/forwarding:vxlan_bridge_1q_ipv6.sh                 fail     fail     fail     fail     same
net/forwarding:vxlan_bridge_1q_port_8472.sh            pass     pass     pass     pass     same
net/forwarding:vxlan_bridge_1q_port_8472_ipv6.sh       fail     fail     fail     fail     same
net/forwarding:vxlan_symmetric.sh                      pass     pass     pass     pass     same
net/forwarding:vxlan_symmetric_ipv6.sh                 pass     pass     pass     pass     same
net/mptcp:diag.sh                                      pass     pass     pass     pass     same
net/mptcp:mptcp_connect.sh                             pass     pass     pass     pass     same
net/mptcp:mptcp_sockopt.sh                             pass     pass     pass     pass     same
net/mptcp:pm_netlink.sh                                pass     pass     pass     pass     same
net:altnames.sh                                        pass     pass     pass     pass     same
net:bareudp.sh                                         pass     pass     pass     pass     same
net:cmsg_so_mark.sh                                    pass     pass     pass     pass     same
net:devlink_port_split.py                              skip     skip     skip     skip     same
net:drop_monitor_tests.sh                              skip     skip     skip     skip     same
net:fcnal-test.sh                                      skip     skip     skip     skip     same
net:fib-onlink-tests.sh                                pass     pass     pass     pass     same
net:fib_nexthop_multiprefix.sh                         pass     pass     pass     pass     same
net:fib_rule_tests.sh                                  pass     pass     pass     pass     same
net:fib_tests.sh                                       fail     fail     fail     fail     same
net:fin_ack_lat.sh                                     pass     pass     pass     pass     same
net:gre_gso.sh                                         skip     skip     skip     skip     same
net:icmp.sh                                            fail     fail     fail     fail     same
net:icmp_redirect.sh                                   pass     pass     pass     pass     same
net:ip6_gre_headroom.sh                                pass     pass     pass     pass     same
net:ipv6_flowlabel.sh                                  pass     pass     pass     pass     same
net:l2tp.sh                                            pass     pass     pass     pass     same
net:msg_zerocopy.sh                                    pass     pass     pass     pass     same
net:netdevice.sh                                       pass     pass     pass     pass     same
net:pmtu.sh                                            pass     pass     pass     pass     same
net:psock_snd.sh                                       pass     pass     pass     pass     same
net:reuseaddr_conflict                                 pass     pass     pass     pass     same
net:reuseaddr_ports_exhausted.sh                       pass     pass     pass     pass     same
net:reuseport_bpf                                      pass     pass     pass     pass     same
net:reuseport_bpf_cpu                                  pass     pass     pass     pass     same
net:reuseport_bpf_numa                                 pass     pass     pass     pass     same
net:reuseport_dualstack                                pass     pass     pass     pass     same
net:route_localnet.sh                                  pass     pass     pass     pass     same
net:rps_default_mask.sh                                fail     fail     fail     fail     same
net:rtnetlink.sh                                       skip     skip     skip     skip     same
net:run_afpackettests                                  pass     pass     pass     pass     same
net:run_netsocktests                                   pass     pass     pass     pass     same
net:rxtimestamp.sh                                     pass     pass     pass     pass     same
net:so_txtime.sh                                       pass     pass     pass     pass     same
net:stress_reuseport_listen.sh                         pass     pass     pass     pass     same
net:tcp_fastopen_backup_key.sh                         pass     pass     pass     pass     same
net:test_blackhole_dev.sh                              fail     fail     fail     fail     same
net:test_bpf.sh                                        pass     pass     pass     pass     same
net:test_vxlan_fdb_changelink.sh                       pass     pass     pass     pass     same
net:test_vxlan_under_vrf.sh                            pass     pass     pass     pass     same
net:tls                                                pass     pass     pass     pass     same
net:traceroute.sh                                      pass     pass     pass     pass     same
net:udpgro.sh                                          fail     fail     fail     fail     same
net:udpgro_bench.sh                                    fail     fail     fail     fail     same
net:udpgso.sh                                          pass     pass     pass     pass     same
net:unicast_extensions.sh                              pass     pass     pass     pass     same
net:veth.sh                                            fail     fail     fail     fail     same
net:vrf-xfrm-tests.sh                                  pass     pass     pass     pass     same
net:vrf_route_leaking.sh                               fail     fail     fail     fail     same
net:vrf_strict_mode_test.sh                            pass     pass     pass     pass     same
netfilter:bridge_brouter.sh                            skip     skip     skip     skip     same
netfilter:conntrack_icmp_related.sh                    fail     fail     fail     fail     same
netfilter:conntrack_tcp_unreplied.sh                   fail     fail     fail     fail     same
netfilter:conntrack_vrf.sh                             skip     skip     skip     skip     same
netfilter:ipip-conntrack-mtu.sh                        skip     skip     skip     skip     same
netfilter:ipvs.sh                                      skip     skip     skip     skip     same
netfilter:nf_nat_edemux.sh                             skip     skip     skip     skip     same
netfilter:nft_concat_range.sh                          fail     fail     fail     fail     same
netfilter:nft_conntrack_helper.sh                      skip     skip     skip     skip     same
netfilter:nft_fib.sh                                   skip     skip     skip     skip     same
netfilter:nft_flowtable.sh                             fail     fail     fail     fail     same
netfilter:nft_meta.sh                                  pass     pass     pass     pass     same
netfilter:nft_nat.sh                                   skip     skip     skip     skip     same
netfilter:nft_queue.sh                                 skip     skip     skip     skip     same
netfilter:rpath.sh                                     pass     pass     pass     pass     same
nsfs:owner                                             pass     pass     pass     pass     same
nsfs:pidns                                             pass     pass     pass     pass     same
openat2:openat2_test                                   fail     fail     fail     fail     same
openat2:rename_attack_test                             pass     pass     pass     pass     same
openat2:resolve_test                                   fail     fail     fail     fail     same
pid_namespace:regression_enomem                        pass     pass     pass     pass     same
pidfd:pidfd_fdinfo_test                                pass     pass     pass     pass     same
pidfd:pidfd_getfd_test                                 pass     pass     pass     pass     same
pidfd:pidfd_open_test                                  pass     pass     pass     pass     same
pidfd:pidfd_poll_test                                  pass     pass     pass     pass     same
pidfd:pidfd_setns_test                                 pass     pass     pass     pass     same
pidfd:pidfd_test                                       pass     pass     pass     pass     same
pidfd:pidfd_wait                                       pass     pass     pass     pass     same
proc:fd-001-lookup                                     pass     pass     pass     pass     same
proc:fd-002-posix-eq                                   pass     pass     pass     pass     same
proc:fd-003-kthread                                    pass     pass     pass     pass     same
proc:proc-fsconfig-hidepid                             pass     pass     pass     pass     same
proc:proc-loadavg-001                                  pass     pass     pass     pass     same
proc:proc-multiple-procfs                              pass     pass     pass     pass     same
proc:proc-self-map-files-001                           pass     pass     pass     pass     same
proc:proc-self-map-files-002                           pass     pass     pass     pass     same
proc:proc-self-syscall                                 pass     pass     pass     pass     same
proc:proc-self-wchan                                   pass     pass     pass     pass     same
proc:proc-subset-pid                                   pass     pass     pass     pass     same
proc:proc-uptime-002                                   pass     pass     pass     pass     same
proc:read                                              pass     pass     pass     pass     same
proc:self                                              pass     pass     pass     pass     same
proc:setns-dcache                                      pass     pass     pass     pass     same
proc:setns-sysvipc                                     pass     pass     pass     pass     same
proc:thread-self                                       pass     pass     pass     pass     same
pstore:pstore_post_reboot_tests                        skip     skip     skip     skip     same
pstore:pstore_tests                                    fail     fail     fail     fail     same
ptrace:get_syscall_info                                pass     pass     pass     pass     same
ptrace:peeksiginfo                                     pass     pass     pass     pass     same
ptrace:vmaccess                                        fail     fail     fail     fail     same
rlimits:rlimits-per-userns                             pass     pass     pass     pass     same
rseq:basic_percpu_ops_test                             pass     pass     pass     pass     same
rseq:basic_test                                        pass     pass     pass     pass     same
rseq:param_test                                        pass     pass     pass     pass     same
rseq:param_test_benchmark                              pass     pass     pass     pass     same
rseq:param_test_compare_twice                          pass     pass     pass     pass     same
rseq:run_param_test.sh                                 pass     pass     pass     pass     same
seccomp:seccomp_benchmark                              pass     pass     pass     pass     same
seccomp:seccomp_bpf                                    pass     pass     pass     pass     same
sgx:test_sgx                                           fail     fail     fail     fail     same
sigaltstack:sas                                        pass     pass     pass     pass     same
size:get_size                                          pass     pass     pass     pass     same
splice:default_file_splice_read.sh                     pass     pass     pass     pass     same
splice:short_splice_read.sh                            fail     fail     fail     fail     same
static_keys:test_static_keys.sh                        skip     skip     skip     skip     same
syscall_user_dispatch:sud_benchmark                    pass     pass     pass     pass     same
syscall_user_dispatch:sud_test                         pass     pass     pass     pass     same
tc-testing:tdc.sh                                      fail     fail     fail     fail     same
tdx:tdx_guest_test                                     fail     fail     fail     fail     same
timens:clock_nanosleep                                 pass     pass     pass     pass     same
timens:exec                                            pass     pass     pass     pass     same
timens:futex                                           pass     pass     pass     pass     same
timens:procfs                                          pass     pass     pass     pass     same
timens:timens                                          pass     pass     pass     pass     same
timens:timer                                           pass     pass     pass     pass     same
timens:timerfd                                         pass     pass     pass     pass     same
timens:vfork_exec                                      pass     pass     pass     pass     same
timers:inconsistency-check                             pass     pass     pass     pass     same
timers:mqueue-lat                                      pass     pass     pass     pass     same
timers:nanosleep                                       pass     pass     pass     pass     same
timers:nsleep-lat                                      pass     pass     pass     pass     same
timers:posix_timers                                    pass     pass     pass     pass     same
timers:rtcpie                                          pass     pass     pass     pass     same
timers:set-timer-lat                                   pass     pass     pass     pass     same
timers:threadtest                                      pass     pass     pass     pass     same
tmpfs:bug-link-o-tmpfile                               pass     pass     pass     pass     same
tpm2:test_smoke.sh                                     skip     skip     skip     skip     same
tpm2:test_space.sh                                     skip     skip     skip     skip     same
vDSO:vdso_standalone_test_x86                          pass     pass     pass     pass     same
vDSO:vdso_test_abi                                     pass     pass     pass     pass     same
vDSO:vdso_test_clock_getres                            pass     pass     pass     pass     same
vDSO:vdso_test_correctness                             pass     pass     pass     pass     same
vDSO:vdso_test_getcpu                                  pass     pass     pass     pass     same
vDSO:vdso_test_gettimeofday                            pass     pass     pass     pass     same
vm:run_vmtests.sh                                      skip     skip     skip     skip     same
x86:amx_64                                             fail     fail     fail     fail     same
x86:check_initial_reg_state_64                         pass     pass     pass     pass     same
x86:corrupt_xstate_header_64                           pass     pass     pass     pass     same
x86:fsgsbase_64                                        pass     pass     pass     pass     same
x86:fsgsbase_restore_64                                pass     pass     pass     pass     same
x86:ioperm_64                                          pass     pass     pass     pass     same
x86:iopl_64                                            pass     pass     pass     pass     same
x86:mov_ss_trap_64                                     pass     pass     pass     pass     same
x86:sigaltstack_64                                     pass     pass     pass     pass     same
x86:sigreturn_64                                       pass     pass     pass     pass     same
x86:single_step_syscall_64                             pass     pass     pass     pass     same
x86:syscall_arg_fault_64                               pass     pass     pass     pass     same
x86:syscall_nt_64                                      pass     pass     pass     pass     same
x86:syscall_numbering_64                               pass     pass     pass     pass     same
x86:sysret_rip_64                                      pass     pass     pass     pass     same
x86:sysret_ss_attrs_64                                 pass     pass     pass     pass     same
x86:test_mremap_vdso_64                                pass     pass     pass     pass     same
x86:test_vsyscall_64                                   pass     pass     pass     pass     same
zram:zram.sh                                           pass     pass     pass     pass     same

jira VULN-8187 cve CVE-2024-26585 commit-author Jakub Kicinski <[email protected]> commit e01e393 upstream-diff No actual difference from the upstream patch, but required manual conflicts resolution due to differences in neighbouring code Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do. Reported-by: valis <[email protected]> Fixes: a42055e ("net/tls: Add support for async encryption of records for performance") Signed-off-by: Jakub Kicinski <[email protected]> Reviewed-by: Simon Horman <[email protected]> Reviewed-by: Sabrina Dubroca <[email protected]> Signed-off-by: David S. Miller <[email protected]> (cherry picked from commit e01e393) Signed-off-by: Marcin Wcisło <[email protected]>

jira VULN-8197 cve CVE-2024-26668 commit-author Florian Westphal <[email protected]> commit c9d9eb9 upstream-diff Used `limit' struct instead of `priv' because of missing 369b6cb. Also added casts to `u64' where appropriate as inspired by the RH's LTS 9.4 backport of this patch embedded in 270e20b. Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this rather than having incorrect ratelimit. Fixes: d2168e8 ("netfilter: nft_limit: add per-byte limiting") Signed-off-by: Florian Westphal <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]> (cherry picked from commit c9d9eb9) Signed-off-by: Marcin Wcisło <[email protected]>

PlaidCat · 2025-10-14T20:37:37Z

CVE-2024-26581

This looks like the fun of netfilter that a CVE is built upon several other CVE's

I'll take a look at this and get back to you on the projected list i'm having some issues with my kernel.org clone of vulns right now.

Please remove the CVE from the summary line, please leave the details though.

PlaidCat

bmastbergen

🥌

roxanan1996 · 2025-10-16T15:31:54Z

I think check-upstream-fixes fails because you did not push your branch locally. I'll fix this tomorrow morning.

PlaidCat · 2025-10-16T16:42:18Z

I think check-upstream-fixes fails because you did not push your branch locally. I'll fix this tomorrow morning.

Marchin is an external commiter which must be done from remote forks, only CIQ employees can make a local branch.
and Yes we need to get this fixed eventually.
We also can't test with a fork tied to your GH account that we use here, the automation should just work because it recognizes us as "trsuted" employees.

pvts-mat added 2 commits October 14, 2025 03:46

PlaidCat requested a review from a team October 14, 2025 20:37

pvts-mat changed the title ~~[LTS 9.2] CVE-2024-26581, CVE-2024-26585, CVE-2024-26668~~ [LTS 9.2] CVE-2024-26585, CVE-2024-26668 Oct 14, 2025

PlaidCat approved these changes Oct 14, 2025

View reviewed changes

bmastbergen self-requested a review October 15, 2025 14:16

bmastbergen approved these changes Oct 15, 2025

View reviewed changes

PlaidCat merged commit dfdd6ef into ctrliq:ciqlts9_2 Oct 16, 2025
2 of 3 checks passed

pvts-mat mentioned this pull request Nov 5, 2025

[LTS 9.2] netfilter: CVE-2022-{48641, 49917, 49918}, CVE-2023-{3777, 4015, 4244, 5197, 52620, 52923, 52924, 53549, 53635, 7192} #668

Draft

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[LTS 9.2] CVE-2024-26585, CVE-2024-26668 #623

[LTS 9.2] CVE-2024-26585, CVE-2024-26668 #623

Uh oh!

pvts-mat commented Oct 14, 2025 •

edited

Loading

Uh oh!

PlaidCat commented Oct 14, 2025

Uh oh!

PlaidCat left a comment

Uh oh!

bmastbergen left a comment

Uh oh!

roxanan1996 commented Oct 16, 2025

Uh oh!

PlaidCat commented Oct 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

4 participants

[LTS 9.2] CVE-2024-26585, CVE-2024-26668 #623

[LTS 9.2] CVE-2024-26585, CVE-2024-26668 #623

Uh oh!

Conversation

pvts-mat commented Oct 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Commits

CVE-2024-26581

CVE-2024-26585

CVE-2024-26668

kABI check: passed

Boot test: passed

Kselftests: passed relative

Reference

Patch

Comparison

Uh oh!

PlaidCat commented Oct 14, 2025

CVE-2024-26581

Uh oh!

PlaidCat left a comment

Choose a reason for hiding this comment

Uh oh!

bmastbergen left a comment

Choose a reason for hiding this comment

Uh oh!

roxanan1996 commented Oct 16, 2025

Uh oh!

PlaidCat commented Oct 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

4 participants

pvts-mat commented Oct 14, 2025 •

edited

Loading