Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 6.4.0, < 6.4.0-rc0
A vulnerability in the Linux kernel's netfilter component, specifically within the nf_tables subsystem, has been addressed. The chain lookup function ignored the generation mask when searching for chains by ID. As a result, a rule could end up referencing a deleted chain, which triggers a warning at runtime. The vulnerability was introduced when the NFTA_RULE_CHAIN_ID attribute was added, allowing for improper handling of chain references in certain scenarios.
Exploitation of this vulnerability could lead to a warning being triggered, indicating that a rule is referencing a deleted chain. This could potentially disrupt normal operations or cause unexpected behavior in network filtering rules.
To reproduce this vulnerability, add a rule to a chain using its ID, but ensure that the chain has been deleted in the same batch. This will cause the rule to reference a non-existent chain, triggering a warning about the invalid reference. The warning can be observed in the system logs, indicating the chain destruction process and the associated chain ID lookup failure.
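The lookup-by-ID flaw described above, shown as an added example that is not kernel code or part of the original advisory: a simplified user-space model of a chain table in which a lookup that ignores the generation mask still resolves a chain deleted earlier in the same batch, while the corrected lookup rejects it. The struct, function names, chain IDs and mask value are all hypothetical, and the "bit set means inactive" convention is an assumption of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
struct chain {
    uint32_t id;      /* chain ID assigned inside the batch */
    uint8_t genmask;  /* model convention: bit set = inactive in that generation */
};

#define GEN_NEXT 0x2u /* constructed value: the generation the batch is building */

/* Behaviour the advisory describes: match on ID only, generation mask ignored. */
static struct chain *lookup_byid_unchecked(struct chain *t, size_t n, uint32_t id)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].id == id)
            return &t[i];
    return NULL;
}

/* Corrected form: the chain must also be active in the caller's generation. */
static struct chain *lookup_byid_checked(struct chain *t, size_t n, uint32_t id,
                                         uint8_t genmask)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].id == id && (t[i].genmask & genmask) == 0)
            return &t[i];
    return NULL;
}

/* Replays one batch: chains 7 and 9 are created, chain 7 is deleted, then a
 * rule names a chain by ID. Returns 1 if the rule resolves to a chain. */
static int rule_resolves(int use_genmask, uint32_t id)
{
    struct chain pending[2] = { { 7, 0 }, { 9, 0 } };
    pending[0].genmask |= GEN_NEXT; /* delete: inactive in the next generation */
    struct chain *c = use_genmask ? lookup_byid_checked(pending, 2, id, GEN_NEXT)
                                  : lookup_byid_unchecked(pending, 2, id);
    return c != NULL;
}

int main(void)
{
    printf("unchecked lookup, deleted chain 7: %d\n", rule_resolves(0, 7));
    printf("checked lookup,   deleted chain 7: %d\n", rule_resolves(1, 7));
    printf("checked lookup,   live chain 9:    %d\n", rule_resolves(1, 9));
}
```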
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.