
Cloud Vulnerability DB
A community-led vulnerabilities database
In the Linux kernel, a vulnerability was discovered in the netfilter nf_tables component related to table flag updates with a pending basechain deletion. The issue was assigned CVE-2024-35897. The vulnerability was discovered on May 19, 2024, and affects the Linux kernel's netfilter subsystem (NVD).
The vulnerability occurs because hook unregistration is deferred to the commit phase, as are the hook updates triggered by the table dormant flag. When a table flag update and a basechain deletion are combined in the same batch, the basechain is deleted while its hook remains registered in the core. This issue is related to a previous fix, commit '179d9ba5559a' titled 'netfilter: nf_tables: fix table flag updates' (Kernel Commit).
The vulnerability could potentially lead to system instability or security issues due to improperly unregistered hooks remaining in the kernel's netfilter subsystem after basechain deletion (NVD).
The issue has been fixed in various Linux kernel versions. Multiple distributions have released patches, including Ubuntu, which fixed the vulnerability in kernel package versions 6.8.0-38.38 for 24.04 LTS, 5.15.0-116.126 for 22.04 LTS, and 5.4.0-189.209 for 20.04 LTS (Ubuntu Security).
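As an added example (not part of this advisory or of the Ubuntu security notice), a POSIX shell check that compares an installed Ubuntu kernel package version against the fixed versions listed above; the release codenames noble/jammy/focal and the use of sort -V in place of dpkg are my assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether an Ubuntu kernel
# package version is at or above the CVE-2024-35897 fixed version.
# Fixed versions are taken from the advisory text above.

# Print the fixed linux-image package version for an Ubuntu release codename.
# Codename-to-release mapping is an assumption of this example.
fixed_version_for() {
  case "$1" in
    noble) echo "6.8.0-38.38" ;;     # 24.04 LTS
    jammy) echo "5.15.0-116.126" ;;  # 22.04 LTS
    focal) echo "5.4.0-189.209" ;;   # 20.04 LTS
    *)     return 1 ;;
  esac
}

# Compare <installed package version> against the fixed version for <release>.
# Prints "patched", "vulnerable" or "unknown-release". Uses sort -V so it
# runs without dpkg; on a real host, dpkg --compare-versions is authoritative.
# Note: compare the package version (dpkg-query), not the ABI string from
# uname -r, which lacks the upload number after the dash.
check_kernel() {
  release="$1"; installed="$2"
  fixed=$(fixed_version_for "$release") || { echo "unknown-release"; return 2; }
  # sort -V orders version strings; the first line is the lower version.
  lowest=$(printf '%s\n%s\n' "$installed" "$fixed" | sort -V | head -n1)
  if [ "$installed" = "$fixed" ] || [ "$lowest" != "$installed" ]; then
    echo "patched"; return 0
  fi
  echo "vulnerable"; return 1
}

# Usage on a host: check_kernel "$(lsb_release -sc)" \
#   "$(dpkg-query -W -f='${Version}' "linux-image-$(uname -r)")"
if [ "$#" -eq 2 ]; then
  check_kernel "$1" "$2"
fi
```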
Source: This report was generated using AI