Linux Kernel Netfilter nfnetlink_queue Hash Table Management Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's netfilter component, specifically within the nfnetlink_queue subsystem. This issue arises from the management of a global hash table shared among all queues, which can lead to a crash. The vulnerability occurs because the nf_queue_entry structure is freed using kfree, while a parallel CPU may still access this entry when traversing the list, causing a use-after-free condition. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, potentially causing a crash or allowing for arbitrary code execution.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.