Linux Kernel Netfilter nf_tables Netlink Notifier Race Condition Vulnerability

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's netfilter component, specifically within nf_tables. The issue arises in the netlink notifier handler, which may prematurely remove objects still in use by the transaction context. This occurs because the commit release process, invoked via call_rcu, operates without locks to release objects after the RCU grace period. If the transaction list is not empty, pending RCU callbacks may not complete before the netlink notifier removes referenced objects, leading to potential inconsistencies.

Impact

Exploitation of this vulnerability could cause a use-after-free condition, where released objects are still referenced, potentially leading to memory corruption or other undefined behavior.

Remediation

To address this vulnerability, the Linux kernel has been updated to include a call to rcu_barrier() in the netlink notifier, ensuring that all pending RCU callbacks are completed before objects are removed. Users should upgrade to the latest stable version of the Linux kernel where this vulnerability has been patched.
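The following user-space C program is an added illustration written for this page; it is not kernel code and not part of the advisory. It simulates the ordering problem described above: a transaction finishes and its release callback is queued (standing in for call_rcu), the netlink notifier then removes the table the transaction still references, and the callback later runs against the removed object. The "fixed" variant drains all queued callbacks first, mirroring the rcu_barrier() call added to the notifier. All names (call_rcu_sim, rcu_barrier_sim, commit_release, notifier_vulnerable, notifier_fixed) are hypothetical stand-ins, and the destroyed table is marked with a flag rather than freed so the dangling access can be counted instead of crashing the process.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simulated nf_tables object referenced by a pending transaction.
 * "freed" is a flag instead of a real free() so the dangling access
 * can be observed deterministically (constructed for this example). */
struct table {
    int freed;
};

/* A transaction entry that still points at its table. */
struct trans {
    struct table *tbl;
};

/* One queued callback, standing in for a call_rcu() request. */
struct deferred {
    void (*fn)(void *);
    void *arg;
    struct deferred *next;
};

static struct deferred *pending_head;  /* callbacks waiting for the grace period */
static int dangling_touches;           /* callbacks that ran on a removed table */

/* Queue a callback to run once the (simulated) grace period has elapsed. */
static void call_rcu_sim(void (*fn)(void *), void *arg)
{
    struct deferred *d = malloc(sizeof *d);
    d->fn = fn;
    d->arg = arg;
    d->next = NULL;
    if (!pending_head) {
        pending_head = d;
        return;
    }
    struct deferred *tail = pending_head;
    while (tail->next)
        tail = tail->next;
    tail->next = d;
}

/* Run every queued callback to completion. This models both "the grace
 * period elapsed" and what rcu_barrier() waits for in the real kernel. */
static void rcu_barrier_sim(void)
{
    while (pending_head) {
        struct deferred *d = pending_head;
        pending_head = d->next;
        d->fn(d->arg);
        free(d);
    }
}

/* Commit-release callback: it still dereferences the transaction's table. */
static void commit_release(void *arg)
{
    struct trans *t = arg;
    if (t->tbl->freed)
        dangling_touches++;  /* in the kernel this is the use-after-free */
    free(t);
}

/* Finish a transaction on tbl and defer its release, as the commit path does. */
static void commit_transaction(struct table *tbl)
{
    struct trans *t = malloc(sizeof *t);
    t->tbl = tbl;
    call_rcu_sim(commit_release, t);
}

/* Vulnerable notifier: removes the table while release callbacks are queued. */
static void notifier_vulnerable(struct table *tbl)
{
    tbl->freed = 1;
}

/* Fixed notifier: wait for all pending callbacks, then remove the table. */
static void notifier_fixed(struct table *tbl)
{
    rcu_barrier_sim();   /* the rcu_barrier() added by the patch */
    tbl->freed = 1;
}

/* Run one scenario; returns how many callbacks touched a removed table. */
static int run_scenario(void (*notifier)(struct table *))
{
    struct table tbl = { .freed = 0 };
    dangling_touches = 0;
    commit_transaction(&tbl);   /* transaction list is not empty */
    notifier(&tbl);             /* netlink notifier fires now */
    rcu_barrier_sim();          /* grace period eventually elapses */
    return dangling_touches;
}

int run_vulnerable(void) { return run_scenario(notifier_vulnerable); }
int run_fixed(void)      { return run_scenario(notifier_fixed); }

int main(void)
{
    printf("vulnerable notifier: %d dangling touch(es)\n", run_vulnerable());
    printf("fixed notifier:      %d dangling touch(es)\n", run_fixed());
    return 0;
}
```

The vulnerable run reports one dangling touch because the release callback executes after the notifier has already removed the table; the fixed run reports none because the barrier forces the callback to complete before removal. The same ordering argument is what makes the kernel patch sufficient: the notifier must not drop objects until every commit-release callback queued before it has run.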

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.