Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's netfilter component, specifically within the ctnetlink interface. The issue arises when the CTA_EXPECT_NAT attribute is absent from a netlink message, leading to uninitialized expectation fields. This flaw allows stale data from previous allocations to be erroneously sent to userspace, potentially causing confusion or misbehavior in applications that rely on this data. The vulnerability affects several versions of the Linux kernel.
The vulnerability can lead to the incorrect handling of NAT expectations, potentially causing applications to receive outdated or incorrect information about network connections.
The vulnerability can be reproduced by first sending expectations that include NAT data, then freeing those expectations and creating a new one without including the NAT information. The ctnetlink interface will then incorrectly emit a NAT attribute containing the stale data from the previous expectation.
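A user-space model of the sequence described above, added here as an illustration; it is not kernel code and not the upstream patch. The struct and function names, the one-slot cache, the dump condition and the zeroing fix are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified stand-ins for kernel structures; all names here are hypothetical. */
struct nat_info { uint32_t addr; uint16_t port; };
struct expect   { uint32_t id; struct nat_info nat; };

/* One-slot object cache that, like a non-zeroing allocator, hands memory back as it was left. */
static struct expect slot;
static struct expect *exp_alloc(void) { return &slot; }
static void exp_free(struct expect *e) { (void)e; /* contents stay behind */ }

/* nat == NULL models a netlink message that carries no CTA_EXPECT_NAT attribute. */
static struct expect *exp_create(uint32_t id, const struct nat_info *nat, bool hardened)
{
    struct expect *e = exp_alloc();
    e->id = id;
    if (nat)
        e->nat = *nat;
    else if (hardened)
        e->nat = (struct nat_info){0};   /* assumed fix: clear NAT fields when absent */
    return e;
}

/* Assumed dump rule: a NAT attribute is emitted whenever the stored NAT fields are non-zero. */
static bool exp_dump_nat(const struct expect *e, struct nat_info *out)
{
    if (e->nat.addr == 0 && e->nat.port == 0)
        return false;
    *out = e->nat;
    return true;
}

/* Sequence from the text: expectation with NAT, free, expectation without NAT, dump. */
static bool replay(bool hardened, struct nat_info *seen)
{
    const struct nat_info first = { 0xC0000201u, 8080 };   /* constructed: 192.0.2.1:8080 */
    exp_free(exp_create(1, &first, hardened));
    return exp_dump_nat(exp_create(2, NULL, hardened), seen);
}

int main(void)
{
    struct nat_info seen = {0};
    bool leaked = replay(false, &seen);
    printf("unhardened emits NAT: %d (addr 0x%08x)\n", leaked, (unsigned)seen.addr);
    printf("hardened emits NAT:   %d\n", replay(true, &seen));
    return 0;
}
```

The unhardened run reports the first expectation's NAT data for an expectation that never had any, which is the symptom a monitoring tool reading expectation dumps would see.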
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.