{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27403", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:47:42.681Z", "datePublished": "2024-05-17T11:40:17.992Z", "dateUpdated": "2025-05-04T09:04:21.899Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T09:04:21.899Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: reset dst in route object after setting up flow\n\ndst is transferred to the flow object, route object does not own it\nanymore. Reset dst in route object, otherwise if flow_offload_add()\nfails, error path releases dst twice, leading to a refcount underflow."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/netfilter/nf_flow_table.h", "net/netfilter/nf_flow_table_core.c"], "versions": [{"version": "a3c90f7a2323b331ae816d5b0633e68148e25d04", "lessThan": "4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c", "status": "affected", "versionType": "git"}, {"version": "a3c90f7a2323b331ae816d5b0633e68148e25d04", "lessThan": "012df10717da02367aaf92c65f9c89db206c15f4", "status": "affected", "versionType": "git"}, {"version": "a3c90f7a2323b331ae816d5b0633e68148e25d04", "lessThan": "558b00a30e05753a62ecc7e05e939ca8f0241148", "status": "affected", "versionType": "git"}, {"version": "a3c90f7a2323b331ae816d5b0633e68148e25d04", "lessThan": "670548c8db44d76e40e1dfc06812bca36a61e9ae", "status": "affected", "versionType": "git"}, {"version": "a3c90f7a2323b331ae816d5b0633e68148e25d04", "lessThan": "9e0f0430389be7696396c62f037be4bf72cf93e3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/netfilter/nf_flow_table.h", "net/netfilter/nf_flow_table_core.c"], "versions": [{"version": "4.16", "status": "affected"}, {"version": "0", "lessThan": "4.16", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.150", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.80", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.19", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.7", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "5.15.150"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.1.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.6.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.7.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.8"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c"}, {"url": "https://git.kernel.org/stable/c/012df10717da02367aaf92c65f9c89db206c15f4"}, {"url": "https://git.kernel.org/stable/c/558b00a30e05753a62ecc7e05e939ca8f0241148"}, {"url": "https://git.kernel.org/stable/c/670548c8db44d76e40e1dfc06812bca36a61e9ae"}, {"url": "https://git.kernel.org/stable/c/9e0f0430389be7696396c62f037be4bf72cf93e3"}], "title": "netfilter: nft_flow_offload: reset dst in route object after setting up flow", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27403", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:17:07.998820Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:46:43.380Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.105Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/012df10717da02367aaf92c65f9c89db206c15f4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/558b00a30e05753a62ecc7e05e939ca8f0241148", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/670548c8db44d76e40e1dfc06812bca36a61e9ae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9e0f0430389be7696396c62f037be4bf72cf93e3", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/012df10717da02367aaf92c65f9c89db206c15f4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/558b00a30e05753a62ecc7e05e939ca8f0241148", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/670548c8db44d76e40e1dfc06812bca36a61e9ae", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9e0f0430389be7696396c62f037be4bf72cf93e3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:34:52.105Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27403", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-17T17:17:07.998820Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:24.691Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "netfilter: nft_flow_offload: reset dst in route object after setting up flow", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a3c90f7a2323b331ae816d5b0633e68148e25d04", "lessThan": "4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c", "versionType": "git"}, {"status": "affected", "version": "a3c90f7a2323b331ae816d5b0633e68148e25d04", "lessThan": "012df10717da02367aaf92c65f9c89db206c15f4", "versionType": "git"}, {"status": "affected", "version": "a3c90f7a2323b331ae816d5b0633e68148e25d04", "lessThan": "558b00a30e05753a62ecc7e05e939ca8f0241148", "versionType": "git"}, {"status": "affected", "version": "a3c90f7a2323b331ae816d5b0633e68148e25d04", "lessThan": "670548c8db44d76e40e1dfc06812bca36a61e9ae", "versionType": "git"}, {"status": "affected", "version": "a3c90f7a2323b331ae816d5b0633e68148e25d04", "lessThan": "9e0f0430389be7696396c62f037be4bf72cf93e3", "versionType": "git"}], "programFiles": ["include/net/netfilter/nf_flow_table.h", "net/netfilter/nf_flow_table_core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.16"}, {"status": "unaffected", "version": "0", "lessThan": "4.16", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.150", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.80", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.19", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.7", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["include/net/netfilter/nf_flow_table.h", "net/netfilter/nf_flow_table_core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c"}, {"url": "https://git.kernel.org/stable/c/012df10717da02367aaf92c65f9c89db206c15f4"}, {"url": "https://git.kernel.org/stable/c/558b00a30e05753a62ecc7e05e939ca8f0241148"}, {"url": "https://git.kernel.org/stable/c/670548c8db44d76e40e1dfc06812bca36a61e9ae"}, {"url": "https://git.kernel.org/stable/c/9e0f0430389be7696396c62f037be4bf72cf93e3"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: reset dst in route object after setting up flow\n\ndst is transferred to the flow object, route object does not own it\nanymore. Reset dst in route object, otherwise if flow_offload_add()\nfails, error path releases dst twice, leading to a refcount underflow."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T08:54:21.794Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27403", "state": "PUBLISHED", "dateUpdated": "2024-12-19T08:54:21.794Z", "dateReserved": "2024-02-25T13:47:42.681Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T11:40:17.992Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "27202095-6B1F-47FF-B661-C624B6AA6C0D", "versionEndExcluding": "5.15.150", "versionStartIncluding": "4.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA7850CE-97C9-4408-A348-6173296BCA2B", "versionEndExcluding": "6.1.80", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D82004C-B2AE-4048-9344-32EFF65953B0", "versionEndExcluding": "6.6.19", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "575EE16B-67F2-4B5B-B5F8-1877715C898B", "versionEndExcluding": "6.7.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: reset dst in route object after setting up flow\n\ndst is transferred to the flow object, route object does not own it\nanymore. Reset dst in route object, otherwise if flow_offload_add()\nfails, error path releases dst twice, leading to a refcount underflow."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: nft_flow_offload: restablece dst en el objeto de ruta despu\u00e9s de configurar el flujo dst se transfiere al objeto de flujo, el objeto de ruta ya no es propietario. Restablezca el dst en el objeto de ruta; de lo contrario, si flow_offload_add() fallo, la ruta de error libera el dst dos veces, lo que provoca un desbordamiento insuficiente del recuento."}], "id": "CVE-2024-27403", "lastModified": "2025-09-18T17:28:55.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-17T12:15:10.030", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/012df10717da02367aaf92c65f9c89db206c15f4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/558b00a30e05753a62ecc7e05e939ca8f0241148"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/670548c8db44d76e40e1dfc06812bca36a61e9ae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e0f0430389be7696396c62f037be4bf72cf93e3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/012df10717da02367aaf92c65f9c89db206c15f4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4c167af9f6b5ae4a5dbc243d5983c295ccc2e43c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/558b00a30e05753a62ecc7e05e939ca8f0241148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/670548c8db44d76e40e1dfc06812bca36a61e9ae"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9e0f0430389be7696396c62f037be4bf72cf93e3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8162", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.40.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:8162", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.40.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:5257", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "kernel-0:5.14.0-70.112.1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5256", "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package": "kernel-rt-0:5.14.0-70.112.1.rt21.184.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:4108", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.71.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-06-26T00:00:00Z"}, {"advisory": "RHSA-2024:4106", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.71.1.rt14.356.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-06-26T00:00:00Z"}], "bugzilla": {"description": "kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow", "id": "2281127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281127"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nft_flow_offload: reset dst in route object after setting up flow\ndst is transferred to the flow object, route object does not own it\nanymore. Reset dst in route object, otherwise if flow_offload_add()\nfails, error path releases dst twice, leading to a refcount underflow."], "name": "CVE-2024-27403", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27403\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27403\nhttps://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-27403-c4ba@gregkh/T"], "threat_severity": "Low"}