CVE-2024-35898: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can run concurrently with __nft_flowtable_type_get() within nf_tables_newflowtable(), and there is no protection when iterating over the nf_tables_flowtables list in __nft_flowtable_type_get(). Therefore, there is a potential data race on nf_tables_flowtables list entries. Use list_for_each_entry_rcu() to iterate over the nf_tables_flowtables list in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller nft_flowtable_type_get() to protect the entire type query process.
AI Analysis
Technical Summary
CVE-2024-35898 is a medium-severity vulnerability identified in the Linux kernel's netfilter subsystem, specifically within the nftables implementation. The issue arises from a potential data race condition between the functions nft_unregister_flowtable_type() and __nft_flowtable_type_get(). nft_unregister_flowtable_type() is called during module exit routines (nf_flow_inet_module_exit()), while __nft_flowtable_type_get() is invoked during the creation of new flow tables (nf_tables_newflowtable()). The vulnerability stems from the lack of proper synchronization when iterating over the nf_tables_flowtables linked list, which can lead to concurrent access and modification without protection. This data race can cause undefined behavior, including potential kernel crashes or denial of service (DoS) due to memory corruption or use-after-free conditions. The fix involves using list_for_each_entry_rcu() to safely iterate over the nf_tables_flowtables list with Read-Copy-Update (RCU) synchronization primitives and applying rcu_read_lock() in the caller function nft_flowtable_type_get() to protect the entire query process. This ensures safe concurrent access and prevents the race condition. The vulnerability affects multiple Linux kernel versions identified by specific commit hashes, indicating it is present in recent kernel releases prior to the patch. The CVSS 3.1 score is 5.5 (medium), reflecting that exploitation requires local privileges with low complexity and no user interaction, and impacts availability without affecting confidentiality or integrity. There are no known exploits in the wild at this time.
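The discipline the fix imposes (look the type up inside one rcu_read_lock() section, pin it before leaving the section, and on the unregister side unlink first and free only after every in-flight reader has left) is easier to see in a small runnable model than in the kernel tree. The block below is an added userspace illustration, not kernel code and not part of this record: the kernel primitives are replaced by stand-ins (a reader counter for rcu_read_lock()/rcu_read_unlock(), a traversal that records misuse when no reader is active, which is what the kernel's list_for_each_entry_rcu() does under CONFIG_PROVE_RCU_LIST, a deferred-free queue for kfree_rcu(), and a per-type counter for try_module_get()/module_put()). All model_* names are this example's own; the family numbers follow the kernel's NFPROTO_* values. It is single-threaded on purpose: it demonstrates the ordering rules, not real parallelism.

```c
/* Added userspace model of the RCU pattern used by the CVE-2024-35898 fix.
 * Not kernel code: every model_* function is a stand-in defined here. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

enum { MODEL_NFPROTO_IPV4 = 2, MODEL_NFPROTO_IPV6 = 10 };   /* same numbering as NFPROTO_* */

struct model_flowtable_type {
    int family;
    const char *name;
    int module_refs;                    /* stand-in for the owning module's refcount */
    struct model_flowtable_type *next;
};

static struct model_flowtable_type *model_flowtables;   /* stand-in for nf_tables_flowtables */
static int active_readers;                               /* outstanding rcu_read_lock() calls */
static struct model_flowtable_type *deferred[8];         /* unlinked, waiting for a grace period */
static int ndeferred, frees_done;
static int lockless_traversals;   /* traversals outside a reader section: the original bug */

void model_rcu_read_lock(void) { active_readers++; }

/* The grace period ends when the last reader leaves; run deferred frees, like kfree_rcu(). */
void model_rcu_read_unlock(void)
{
    if (--active_readers > 0)
        return;
    for (int i = 0; i < ndeferred; i++) {
        free(deferred[i]);
        frees_done++;
    }
    ndeferred = 0;
}

struct model_flowtable_type *model_new_type(int family, const char *name)
{
    struct model_flowtable_type *t = calloc(1, sizeof(*t));
    if (t) { t->family = family; t->name = name; }
    return t;
}

/* nft_register_flowtable_type(): initialise fully, then publish (list_add_rcu()). */
void model_register_type(struct model_flowtable_type *t)
{
    t->next = model_flowtables;
    model_flowtables = t;
}

/* __nft_flowtable_type_get() after the fix: an RCU list traversal. As the kernel's
 * RCU list checks do, it records a misuse when called with no reader active. */
struct model_flowtable_type *model_type_lookup(int family)
{
    if (active_readers == 0)
        lockless_traversals++;
    for (struct model_flowtable_type *t = model_flowtables; t; t = t->next)
        if (t->family == family)
            return t;
    return NULL;
}

/* nft_flowtable_type_get(): the whole query runs inside one reader section, and the type
 * is pinned (try_module_get()) before the section ends, so its module cannot unload. */
struct model_flowtable_type *model_type_get(int family)
{
    model_rcu_read_lock();
    struct model_flowtable_type *t = model_type_lookup(family);
    if (t)
        t->module_refs++;
    model_rcu_read_unlock();
    return t;
}

void model_type_put(struct model_flowtable_type *t) { t->module_refs--; }

/* nft_unregister_flowtable_type() on the module-exit path. Returns -1 if the module is
 * still pinned (exit cannot run), 0 once unlinked; memory is released only after every
 * reader that might still see the entry has left its reader section. */
int model_unregister_type(struct model_flowtable_type *t)
{
    if (t->module_refs > 0)
        return -1;
    for (struct model_flowtable_type **pp = &model_flowtables; *pp; pp = &(*pp)->next)
        if (*pp == t) { *pp = t->next; break; }   /* list_del_rcu(): t->next stays valid */
    if (active_readers == 0) { free(t); frees_done++; }
    else deferred[ndeferred++] = t;               /* kfree_rcu(): wait for the grace period */
    return 0;
}

int model_frees_done(void) { return frees_done; }
int model_deferred_count(void) { return ndeferred; }
int model_lockless_traversals(void) { return lockless_traversals; }

int main(void)
{
    struct model_flowtable_type *v4 = model_new_type(MODEL_NFPROTO_IPV4, "ipv4");
    struct model_flowtable_type *v6 = model_new_type(MODEL_NFPROTO_IPV6, "ipv6");
    model_register_type(v4);
    model_register_type(v6);
    struct model_flowtable_type *t = model_type_get(MODEL_NFPROTO_IPV6);
    printf("unregister while pinned -> %d\n", model_unregister_type(t));      /* -1 */
    model_type_put(t);
    printf("unregister after put    -> %d\n", model_unregister_type(t));      /* 0, freed now */
    model_rcu_read_lock();                       /* a reader is mid-traversal when exit runs */
    t = model_type_lookup(MODEL_NFPROTO_IPV4);
    model_unregister_type(v4);
    printf("deferred=%d, entry still readable: %s\n", model_deferred_count(), t->name);
    model_rcu_read_unlock();                     /* grace period over: now it is freed */
    printf("frees=%d\n", model_frees_done());
    return 0;
}
```

The two scenarios in main() are the two halves of the fix: a pinned type makes the exit path refuse to run at all, and a reader that is inside its section when unregistration happens keeps a valid entry until it leaves. Without the reader section (the pre-fix code), the same traversal would be counted by model_lockless_traversals(), and in the kernel the entry could be freed underneath it.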
Potential Impact
For European organizations, this vulnerability primarily poses a risk of local denial of service on Linux systems running affected kernel versions. Since Linux is widely used in servers, cloud infrastructure, and embedded devices across Europe, the potential for kernel crashes could disrupt critical services, especially in environments relying on nftables for firewalling and network flow management. Although the vulnerability does not directly compromise confidentiality or integrity, availability impacts could affect business continuity, particularly in sectors such as finance, telecommunications, and government where Linux-based infrastructure is prevalent. The requirement for local privileges limits remote exploitation, but insider threats or compromised accounts could leverage this vulnerability to cause system instability. Additionally, embedded Linux devices used in industrial control systems or network appliances could be affected, potentially impacting operational technology environments. The absence of known exploits reduces immediate risk, but timely patching is essential to prevent future exploitation attempts.
Mitigation Recommendations
European organizations should prioritize updating Linux kernels to versions that include the fix for CVE-2024-35898. Specifically, apply vendor-provided patches or upgrade to kernel versions incorporating the RCU-based synchronization changes in the nftables flowtable code. For environments where immediate patching is challenging, consider restricting local user access to systems running vulnerable kernels, enforcing strict privilege separation and monitoring for unusual local activity. Employ kernel hardening techniques such as Kernel Address Space Layout Randomization (KASLR) and Control Flow Integrity (CFI) to reduce exploitation likelihood. Network administrators should audit nftables configurations to ensure minimal exposure and avoid unnecessary local user access to critical systems. Additionally, implement robust logging and alerting for kernel crashes or unusual nftables-related errors to detect potential exploitation attempts early. Coordination with Linux distribution maintainers for timely patch deployment is recommended to maintain security posture.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.114Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe210d
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 7:55:56 AM
Last updated: 8/12/2025, 3:41:37 AM
Related Threats
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)
- CVE-2025-54759: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)