CVE-2024-35900: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-35900 affects the Linux kernel's netfilter/nf_tables subsystem. The vulnerability was discovered and disclosed on May 19, 2024, and involves an inconsistency in handling table flag updates that can lead to an invalid state when managing netfilter chains (NVD).

The vulnerability occurs when the dormant flag is toggled, where hooks are disabled in the commit phase by iterating over current chains in table (existing and new). A specific configuration sequence can trigger an inconsistent state: adding a table, adding a chain with a filter hook, updating table flags to dormant, and then adding another chain with a filter hook. This results in a warning when attempting to unregister a chain that has already been unregistered (Kernel Commit).

The vulnerability can lead to an inconsistent state in the netfilter subsystem, potentially causing system warnings and improper hook management. This could affect network filtering functionality and system stability (NVD).

The vulnerability has been fixed in various Linux kernel versions, including Ubuntu 24.04 LTS (6.8.0-38.38), 22.04 LTS (5.15.0-116.126), and 20.04 LTS (5.4.0-189.209). Debian has also released fixes in version 5.10.216-1~deb10u1 (Ubuntu, Debian).