Linux Kernel Netfilter nf_reject Loopback Packet dst Reference Count Leak Vulnerability

Vulnerability

A reference count leak in the Linux kernel's netfilter nf_reject code (the path behind the nftables and iptables REJECT actions) affects packets that are rejected in the NF_INET_PRE_ROUTING and NF_INET_INGRESS hooks. In those hooks an incoming packet normally has no route attached yet, so the reject code performs a route lookup and attaches the resulting destination entry (dst) before it builds the TCP reset or ICMP error reply. Loopback packets are the exception: they already carry a dst when they reach pre-routing. Attaching a freshly looked-up dst to such a packet overwrites the existing pointer without releasing the reference it held, so that reference is never dropped and the entry is never freed.
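The following user-space C model is an added illustration and is not the kernel's code or anything from the advisory. It reduces the bug to the refcount bookkeeping: a toy dst_entry, a toy sk_buff, helpers named after the kernel routines they imitate (dst_hold, dst_release, skb_dst_set, skb_dst_drop), and two versions of the "attach a route at pre-routing" step. Everything here, including the single route named "lo", is an assumption of the model; only the overwrite-without-release behaviour of skb_dst_set is taken from the kernel. reject_and_free returns how many references are still held after the packet is freed, so a non-zero result is the leak.

```c
#include <stdio.h>

/* Toy dst_entry: a reference-counted route object that pins a net device. */
struct dst_entry {
    int refcnt;
    const char *dev;
};

/* Toy sk_buff: only the field the model needs. */
struct sk_buff {
    struct dst_entry *dst;   /* NULL until a route is attached */
};

/* The one route every lookup in this model returns (constructed, "lo"). */
static struct dst_entry lo_dst = { .refcnt = 0, .dev = "lo" };

static struct dst_entry *dst_hold(struct dst_entry *d)
{
    d->refcnt++;
    return d;
}

static void dst_release(struct dst_entry *d)
{
    if (d)
        d->refcnt--;
}

/* Models a route lookup: success hands back a held reference. */
static struct dst_entry *route_lookup(void)
{
    return dst_hold(&lo_dst);
}

/* Models skb_dst_set(): stores the pointer and does NOT release the old dst. */
static void skb_dst_set(struct sk_buff *skb, struct dst_entry *d)
{
    skb->dst = d;
}

/* Models skb_dst_drop() as run when the packet is freed: drops one reference. */
static void skb_dst_drop(struct sk_buff *skb)
{
    dst_release(skb->dst);
    skb->dst = NULL;
}

/* Packet as it arrives at PRE_ROUTING: an external packet has no dst yet,
 * a loopback packet already carries one that was attached on transmit. */
static void rx_skb_init(struct sk_buff *skb, int from_loopback)
{
    skb->dst = from_loopback ? dst_hold(&lo_dst) : NULL;
}

/* Look up a route and attach it, unconditionally. */
static int attach_route(struct sk_buff *skb)
{
    struct dst_entry *d = route_lookup();

    if (!d)
        return -1;
    skb_dst_set(skb, d);   /* on a loopback packet this overwrites a held dst */
    return 0;
}

/* Vulnerable behaviour: assumes nothing is attached at pre-routing. */
static int fill_skb_dst_vuln(struct sk_buff *skb)
{
    return attach_route(skb);
}

/* Hardened behaviour: leave an already-attached dst alone. */
static int fill_skb_dst_fixed(struct sk_buff *skb)
{
    if (skb->dst)
        return 0;
    return attach_route(skb);
}

/* Runs one reject at PRE_ROUTING and frees the packet. Returns how many
 * references to lo_dst are still held afterwards: 0 balanced, >0 leaked. */
static int reject_and_free(int from_loopback, int (*fill)(struct sk_buff *))
{
    struct sk_buff skb;
    int before = lo_dst.refcnt;

    rx_skb_init(&skb, from_loopback);
    if (fill(&skb) == 0) {
        /* building and sending the reset/unreachable reply is omitted here */
    }
    skb_dst_drop(&skb);   /* what freeing the packet does with its dst */
    return lo_dst.refcnt - before;
}

int main(void)
{
    printf("external packet, vulnerable: %d leaked\n", reject_and_free(0, fill_skb_dst_vuln));
    printf("loopback packet, vulnerable: %d leaked\n", reject_and_free(1, fill_skb_dst_vuln));
    printf("loopback packet, fixed:      %d leaked\n", reject_and_free(1, fill_skb_dst_fixed));
    return 0;
}
```

The external-packet case balances in both versions because there was nothing to overwrite; the loopback case leaks exactly one reference per rejected packet in the vulnerable version, which is the count that accumulates on the real loopback device.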

Impact

Each rejected loopback packet leaks one reference to its destination entry, so the entry, and the loopback device it pins, can never be released. This is a resource leak rather than memory corruption: references accumulate for as long as matching traffic is rejected, and the held device reference can stall network device teardown (typically seen as the kernel waiting for lo to become free when a network namespace is deleted).

Reproduction

To reach the affected path, install a reject rule in a prerouting (NF_INET_PRE_ROUTING) or netdev ingress (NF_INET_INGRESS) hook that matches traffic on the loopback interface, for example an nftables prerouting chain that matches the lo interface and rejects with a TCP reset or ICMP unreachable, then send matching packets to 127.0.0.1. Every rejected packet leaks one reference to its destination entry. Nothing is visible to the sender; the leak shows up later as a loopback device that cannot be released, for instance when the network namespace it lives in is torn down.

Remediation

Upgrade to a kernel version that carries the fix; check the distribution's kernel changelog or the stable release notes for the netfilter nf_reject loopback dst fix before assuming a given kernel is patched. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Sep 5, 2025, 8:20 PM
Updated: Sep 5, 2025, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.