Linux Kernel Netfilter nfnetlink_queue Memory Allocation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's netfilter component, specifically within the nfnetlink_queue, has been addressed. The issue arose because the context (ctx) in the nfqnl_build_packet_message() function could be utilized before it was properly initialized. This initialization only occurred in the nfqnl_get_sk_secctx() function. The vulnerability has been resolved by ensuring that the lsmctx is initialized to a safe value upon declaration, preventing potential memory allocation errors. This fix is akin to a previous commit that addressed a similar issue in the audit subsystem.

Impact

The vulnerability could lead to memory allocation errors, potentially causing undefined behavior or exploitation opportunities.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Netfilter nfnetlink_queue Memory Allocation Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating