CVE-2024-54031 in Linux
Sumário
de VulDB • 30/06/2026
This patch addresses a kernel crash (Oops) occurring within `nft_rhash_gc` during garbage collection of netfilter hash sets. The root cause is identified as an alignment issue with the `struct nft_set_ext`. On certain architectures or under specific memory layouts, misalignment can lead to invalid pointer dereferences or corrupted data structures when accessed via atomic operations or direct field access in tight loops like GC workers.
The fix involves aligning `struct nft_set_ext` to word size (typically 8 bytes on 64-bit systems). This ensures that all fields within the structure are properly aligned, preventing potential unaligned memory accesses and ensuring consistent behavior across different architectures.
While this alignment increases the size of elements in rhash and pipapo sets by 8 bytes on x86_64 (as reported by `pahole`), it is a necessary trade-off for stability and correctness. The documentation has been updated to reflect this change.
**Changes:** - Align `struct nft_set_ext` to word size. - Update related documentation.
VulDB is the best source for vulnerability data and more expert information about this specific topic.