Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's netfilter component, specifically in connection tracking (conntrack) management. The issue is incorrect handling of the timeout value for unconfirmed conntrack entries. While a conntrack is unconfirmed, its timeout should be stored as an interval. However, the affected implementation mistakenly adds the conntrack timestamp twice, producing an erroneous timeout value. This problem has been present since the introduction of nfnetlink_queue conntrack support.
Exploitation of this vulnerability can lead to incorrect timeout values in the conntrack system, potentially causing issues in packet processing and network traffic management.
The vulnerability can be reproduced by creating a conntrack entry through the netlink interface without confirming it first. The timeout value will be incorrectly set, demonstrating the flaw in the timeout management.
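The double addition described above can be followed in a small user-space model. This is an added example, not kernel code: the struct, the function names, the 32-bit tick clock and the sample timestamps are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of one conntrack entry (not the kernel's struct). */
struct ct_model {
    uint32_t timeout;   /* unconfirmed: interval; confirmed: absolute expiry tick */
    bool confirmed;
};

/* Flawed behaviour: the timestamp is added even though the entry is unconfirmed. */
static void set_timeout_flawed(struct ct_model *ct, uint32_t now, uint32_t interval)
{
    ct->timeout = now + interval;
}

/* Corrected behaviour: an unconfirmed entry keeps the bare interval. */
static void set_timeout_fixed(struct ct_model *ct, uint32_t now, uint32_t interval)
{
    ct->timeout = ct->confirmed ? now + interval : interval;
}

/* Confirmation converts the stored interval into an absolute expiry tick. */
static void confirm(struct ct_model *ct, uint32_t now)
{
    ct->timeout += now;
    ct->confirmed = true;
}

/* Ticks left, using a wrap-safe signed difference; 0 means already expired. */
static uint32_t remaining(const struct ct_model *ct, uint32_t now)
{
    int32_t left = (int32_t)(ct->timeout - now);
    return left > 0 ? (uint32_t)left : 0;
}

/* Set a timeout on an unconfirmed entry, confirm it, report what is left. */
static uint32_t remaining_after_confirm(bool flawed, uint32_t now, uint32_t interval)
{
    struct ct_model ct = { 0, false };
    if (flawed) set_timeout_flawed(&ct, now, interval);
    else        set_timeout_fixed(&ct, now, interval);
    confirm(&ct, now);
    return remaining(&ct, now);
}

int main(void)
{
    const uint32_t clocks[] = { 600000u, 0x7FFFFFF0u };  /* constructed timestamps */
    for (int i = 0; i < 2; i++)
        printf("now=%u fixed=%u flawed=%u\n", clocks[i],
               remaining_after_confirm(false, clocks[i], 30000u),
               remaining_after_confirm(true, clocks[i], 30000u));
    return 0;
}
```

In this model the flawed path leaves the entry alive for the interval plus the whole clock value, or, when the sum wraps past the signed range, reports it as expired at the moment of confirmation.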
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.