Linux Kernel Unaligned Atomic Read Vulnerability in Netfilter NFT Hash Set

Vulnerability

A vulnerability in the Linux kernel's netfilter component allows an unaligned atomic read of the 'genmask' field of the 'nft_set_ext' structure. The misaligned access can lead to a kernel paging request error, causing a memory access fault. The root cause is that the 'nft_set_ext' structure is not aligned to the word size, which atomic operations require. As a result, accessing certain fields can trigger alignment faults and disrupt normal kernel operation.

Impact

Exploitation of this vulnerability causes a kernel panic due to an unhandled alignment fault, disrupting system stability and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by exercising the 'nft_set_hash' functionality within the netfilter framework on a Linux kernel version affected by this alignment issue. The unaligned access can be triggered during the garbage collection process of the hash set, where the misalignment leads to a data abort exception.

Remediation

The vulnerability has been addressed by aligning the 'nft_set_ext' structure to the word size. The fix is available in the latest kernel updates, and users should upgrade to the patched version of the Linux kernel.
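The alignment problem and the fix described above, modelled in user-space C as an added example (it is not kernel code and not part of the original advisory). The structures `ext_unaligned`, `ext_aligned`, `elem_before` and `elem_after` are simplified, hypothetical stand-ins for the kernel's layout, and each element is assumed to start at a word-aligned address.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the extension header: only byte-sized members, so its alignment is 1. */
struct ext_unaligned {
    uint8_t genmask;
    uint8_t offset[7];
};

/* Same members, forced to word alignment as the remediation describes. */
struct ext_aligned {
    uint8_t genmask;
    uint8_t offset[7];
} __attribute__((aligned(sizeof(unsigned long))));

/* Hypothetical hash-set elements: pointer-sized link, 16-bit field, then the header. */
struct elem_before { void *link; uint16_t seq; struct ext_unaligned ext; };
struct elem_after  { void *link; uint16_t seq; struct ext_aligned ext; };

/* Offset of genmask from the start of each element. */
size_t genmask_off_before(void)
{
    return offsetof(struct elem_before, ext) + offsetof(struct ext_unaligned, genmask);
}

size_t genmask_off_after(void)
{
    return offsetof(struct elem_after, ext) + offsetof(struct ext_aligned, genmask);
}

/* A word-sized atomic access needs an address that is a multiple of the word size. */
int word_aligned(size_t off)
{
    return off % sizeof(unsigned long) == 0;
}

/* Build-time guard: compilation fails if the aligned layout ever regresses. */
_Static_assert(offsetof(struct elem_after, ext) % sizeof(unsigned long) == 0,
               "ext must start on a word boundary");

int main(void)
{
    printf("before: genmask at +%zu, word-aligned=%d\n",
           genmask_off_before(), word_aligned(genmask_off_before()));
    printf("after:  genmask at +%zu, word-aligned=%d\n",
           genmask_off_after(), word_aligned(genmask_off_after()));
    return 0;
}
```

In the unaligned layout the compiler packs the header directly after the 16-bit field, so 'genmask' falls between word boundaries; with the alignment attribute, padding is inserted and the header starts on a word boundary.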

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.