Linux Kernel Netfilter nf_tables Module Reference Underflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's netfilter component, specifically within nf_tables, has been addressed. The issue was a potential module reference underflow in an error handling path. When nft_expr_clone() failed, dst->ops was incorrectly left set, so a subsequent nft_expr_destroy() could drop a module reference that had never been taken. This occurred because the module reference count had not been incremented before the error was handled, so the release in the destroy path was unbalanced and the count underflowed.
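The error-path pattern described above, reduced to a small user-space model (added here for illustration; this is constructed code, not the kernel's nf_tables implementation, and struct module, struct expr_ops, struct expr, module_get() and module_put() are simplified stand-ins for the kernel types and helpers). The buggy clone publishes dst->ops before the per-expression clone succeeds and before the module reference is taken, so the later destroy performs a put without a matching get; the corrected clone clears dst->ops on failure and only assigns it once the reference is held.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model for this example: these structs stand in for the
 * kernel's struct module, struct nft_expr_ops and struct nft_expr and are
 * not the real definitions. */
struct module {
	int refcnt;                             /* module reference count */
};

struct expr_ops {
	struct module *owner;                   /* module that must stay loaded while in use */
	int (*clone)(int *dst, const int *src); /* per-expression clone, may fail */
};

struct expr {
	const struct expr_ops *ops;             /* NULL means "holds nothing to release" */
	int data;
};

/* Stand-ins for __module_get()/module_put(): no lower bound is enforced,
 * so an unbalanced put drives the count negative. */
static void module_get(struct module *m) { m->refcnt++; }
static void module_put(struct module *m) { m->refcnt--; }

static int clone_ok(int *dst, const int *src) { *dst = *src; return 0; }
static int clone_fail(int *dst, const int *src) { (void)dst; (void)src; return -12; } /* -ENOMEM */

/* Buggy pattern: dst->ops is assigned before the clone is known to have
 * succeeded and before the module reference is taken. On failure dst is
 * left pointing at ops without owning a reference. */
static int expr_clone_buggy(struct expr *dst, const struct expr *src)
{
	int err;

	dst->ops = src->ops;
	err = src->ops->clone(&dst->data, &src->data);
	if (err < 0)
		return err;
	module_get(src->ops->owner);
	return 0;
}

/* Corrected pattern: on failure dst->ops is cleared so a later destroy has
 * nothing to release; ops is only published once the reference is held. */
static int expr_clone_fixed(struct expr *dst, const struct expr *src)
{
	int err;

	err = src->ops->clone(&dst->data, &src->data);
	if (err < 0) {
		dst->ops = NULL;
		return err;
	}
	module_get(src->ops->owner);
	dst->ops = src->ops;
	return 0;
}

/* Releases whatever dst owns; with a dangling ops pointer this is the put
 * without a matching get. */
static void expr_destroy(struct expr *e)
{
	if (!e->ops)
		return;
	module_put(e->ops->owner);
	e->ops = NULL;
}

/* Runs a clone followed by the cleanup path and returns the module refcount
 * afterwards: 0 is balanced, a negative value is an underflow. */
static int run_scenario(int (*clone)(struct expr *, const struct expr *), bool clone_fails)
{
	struct module mod = { .refcnt = 0 };
	struct expr_ops ops = { .owner = &mod, .clone = clone_fails ? clone_fail : clone_ok };
	struct expr src = { .ops = &ops, .data = 42 };
	struct expr dst = { .ops = NULL, .data = 0 };

	(void)clone(&dst, &src);   /* error or not, the caller tears dst down */
	expr_destroy(&dst);
	return mod.refcnt;
}

int main(void)
{
	printf("buggy clone, failing: refcnt=%d\n", run_scenario(expr_clone_buggy, true));
	printf("fixed clone, failing: refcnt=%d\n", run_scenario(expr_clone_fixed, true));
	printf("buggy clone, success: refcnt=%d\n", run_scenario(expr_clone_buggy, false));
	printf("fixed clone, success: refcnt=%d\n", run_scenario(expr_clone_fixed, false));
	return 0;
}
```

The only scenario that ends with a negative count is the buggy clone on the failing path; both clones are balanced when the clone succeeds, which is why this class of bug survives ordinary testing and only surfaces under allocation failure or similar error injection. The fix is a state invariant: an object's ops pointer is set only when the object actually owns the reference the destroy path will release.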

Impact

Triggering this vulnerability could lead to a module reference underflow, potentially causing instability or unexpected behavior in kernel module management.

Added: Jun 18, 2025, 7:03 PM
Updated: Jun 18, 2025, 7:03 PM

Vulnerability Rating

Custom Algorithm

  spread          9.0
  impact          2.5
  exploitability  4.0
  remediation     0.0
  relevance       0.2
  threat          3.2
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.