Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's netfilter component, specifically within the nf_tables subsystem. This issue arises when a flowtable is released after the RCU grace period due to an error, such as reaching the maximum number of hooks or failing to offload to hardware. The vulnerability allows a flowtable to be exposed to the packet path and the nfnetlink_hook control plane, potentially leading to unintended behavior or exploitation. The problem was uncovered by KASAN while dumping hooks, revealing the use-after-free condition.
Exploitation of this vulnerability causes a use-after-free condition, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced by creating a flowtable in nf_tables and then forcing an error condition, such as exceeding the maximum number of hooks or failing to set up hardware offloading. This will cause the flowtable to be released improperly, after the RCU grace period, leading to the use-after-free condition.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.