Linux Kernel Netfilter nf_conncount Garbage Collection Bypass Vulnerability

Vulnerability

A vulnerability in the Linux kernel's netfilter component, specifically in the connection counting feature (nf_conncount), allows connection lists to grow without bound. The issue arises because the 'last_gc' (last garbage collection) timestamp is updated on every new connection, regardless of whether a garbage collection pass has actually run. Because the next collection is gated on the time elapsed since 'last_gc', a sufficiently high packet rate keeps refreshing that timestamp and consistently bypasses garbage collection, so expired entries are never reclaimed and the list grows unboundedly. The vulnerability affects the Linux kernel stable tree.
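
The failure mode described above, modelled as an added userspace simulation in C. This is illustrative code written for this page, not the kernel's nf_conncount implementation; the structure and field names (conn_list, last_gc, GC_INTERVAL, CONN_TIMEOUT) and the tick values are constructed assumptions. It runs the same insertion stream through a buggy variant, which refreshes last_gc on every insert, and a fixed variant, which only touches last_gc inside the collector, and compares how many entries each keeps.

```c
/* Added example: userspace model of a GC gate keyed on a last_gc timestamp.
 * Not the kernel's nf_conncount code; names and constants are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GC_INTERVAL  100    /* ticks that must elapse before GC may run again */
#define CONN_TIMEOUT 50     /* ticks after which a tracked entry is stale */
#define MAX_CONNS    100000 /* hard cap so the model cannot overflow */

struct conn_list {
    unsigned long last_gc;            /* tick at which GC last ran (or was claimed to) */
    unsigned long expires[MAX_CONNS]; /* expiry tick of each tracked entry */
    size_t count;
};

/* Reclaim entries whose expiry tick has passed; returns how many were dropped.
 * This is the only place the fixed variant updates last_gc. */
static size_t gc_list(struct conn_list *l, unsigned long now)
{
    size_t kept = 0;
    for (size_t i = 0; i < l->count; i++)
        if (l->expires[i] > now)
            l->expires[kept++] = l->expires[i];
    size_t reclaimed = l->count - kept;
    l->count = kept;
    l->last_gc = now;
    return reclaimed;
}

/* Buggy variant: the timestamp is refreshed on every insertion, so while
 * packets arrive faster than GC_INTERVAL the gate never opens. */
static bool add_buggy(struct conn_list *l, unsigned long now)
{
    if (now - l->last_gc >= GC_INTERVAL)
        gc_list(l, now);
    if (l->count >= MAX_CONNS)
        return false;
    l->expires[l->count++] = now + CONN_TIMEOUT;
    l->last_gc = now; /* the defect: timestamp moves although no GC ran */
    return true;
}

/* Fixed variant: last_gc only changes when gc_list() actually runs. */
static bool add_fixed(struct conn_list *l, unsigned long now)
{
    if (now - l->last_gc >= GC_INTERVAL)
        gc_list(l, now);
    if (l->count >= MAX_CONNS)
        return false;
    l->expires[l->count++] = now + CONN_TIMEOUT;
    return true;
}

/* Insert one connection per tick for n ticks (a rate far above GC_INTERVAL).
 * Returns the final list size and, via *peak, the largest size seen. */
static size_t simulate(bool (*add)(struct conn_list *, unsigned long),
                       unsigned long n, size_t *peak)
{
    static struct conn_list l; /* static: too large for the stack */
    memset(&l, 0, sizeof l);
    size_t max_seen = 0;
    for (unsigned long t = 1; t <= n; t++) {
        add(&l, t);
        if (l.count > max_seen)
            max_seen = l.count;
    }
    if (peak)
        *peak = max_seen;
    return l.count;
}

int main(void)
{
    size_t peak_buggy, peak_fixed;
    size_t end_buggy = simulate(add_buggy, 10000, &peak_buggy);
    size_t end_fixed = simulate(add_fixed, 10000, &peak_fixed);
    printf("buggy: final=%zu peak=%zu (every entry retained, stale or not)\n",
           end_buggy, peak_buggy);
    printf("fixed: final=%zu peak=%zu (bounded by timeout and interval)\n",
           end_fixed, peak_fixed);
    return 0;
}
```

With one insertion per tick and a 100-tick gate, the buggy variant never collects: after 10000 ticks it still holds all 10000 entries although only the last 50 are live. The fixed variant collects every 100 ticks and never exceeds 149 entries, which is what a defender would expect to see as a stable connection count under sustained load rather than one that tracks the packet rate.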

Impact

The vulnerability can cause memory exhaustion by allowing connection lists to grow indefinitely, potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by tracking connections at a high packet rate, which will bypass the garbage collection process. This can be done by simulating a large number of connections quickly, causing the connection count to increase without the opportunity for garbage collection to reclaim resources.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Feb 14, 2026, 4:33 PM
Updated: Feb 14, 2026, 4:33 PM

Vulnerability Rating

Custom Algorithm

spread          9.0
impact          2.5
exploitability  5.3
remediation     7.7
relevance       2.8
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.