Linux Kernel Netfilter nf_tables Hook Registration Vulnerability

Vulnerability

A vulnerability in the Linux kernel's netfilter component, specifically within nf_tables, has been addressed. The issue arose because the system improperly managed hook registrations when an error occurred during chain updates. This mismanagement could lead to inconsistencies, as hooks were unregistered from tables marked as dormant or inactive. The vulnerability has been resolved by ensuring that hook unregistration only occurs after a successful registration, thereby maintaining the integrity of the table's active state.

Impact

The vulnerability could lead to improper hook management, potentially causing issues in packet filtering or manipulation processes managed by nf_tables.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Netfilter nf_tables Hook Registration Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating