Linux Kernel Netfilter nf_tables Garbage Collection Vulnerability

Vulnerability

A vulnerability in the Linux kernel's netfilter component, specifically within the nf_tables backend, has been addressed. The issue lay in the garbage collection (GC) process: set elements were improperly managed, so elements that should have been removed could remain visible to lookups. It arose because the asynchronous GC could enqueue transaction work that might later be aborted and retried, leaving the set in an inconsistent state. In addition, certain backend types did not properly synchronize their GC operations, leaving elements in a state that could interfere with normal processing.

Impact

Exploitation of this vulnerability could lead to improper management of set elements during garbage collection, potentially allowing elements to remain visible to lookups after they should have been deactivated.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          9.0
impact          2.5
exploitability  5.3
remediation     0.0
relevance       0.0
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.