Linux Kernel Netfilter nfnetlink_queue Bridge Verdict Error Path Entry Leak Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's netfilter component, specifically within the nfnetlink_queue subsystem. When a userspace queue consumer issues a verdict (an NFQNL_MSG_VERDICT message) for a queued packet, nfqnl_recv_verdict() first removes the matching entry from the queue with find_dequeue_entry() and, for packets queued from a PF_BRIDGE hook, then calls nfqa_parse_bridge() to apply the NFQA_VLAN and NFQA_L2HDR attributes carried in the verdict. If nfqa_parse_bridge() rejects the VLAN attribute (for example a nested NFQA_VLAN that lacks NFQA_VLAN_TCI or NFQA_VLAN_PROTO), the function returns the error and the dequeued entry is neither reinjected nor freed: the entry, its socket buffer, and the references it holds on the ingress/egress net devices and other kernel structures are lost. Each malformed verdict therefore consumes kernel memory that is never reclaimed. This vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability causes a memory leak that can be triggered by repeatedly sending malformed verdicts for queued PF_BRIDGE packets, gradually exhausting kernel memory and leading to a denial of service. Because each leaked entry also keeps a held reference on the packet's net device, the affected interfaces can no longer be unregistered cleanly. Note that the trigger is a netlink verdict message, not a network packet: the sender must be a process with CAP_NET_ADMIN in the relevant network namespace that is bound to the nfnetlink queue, which limits the attack to a compromised or malicious local queue consumer rather than a remote sender.

Reproduction

To reproduce this vulnerability, configure a queue in the bridge family (for example an nftables bridge-family rule or an ebtables rule with a queue verdict) so that bridged packets are handed to an nfnetlink_queue consumer. From that consumer, reply to each queued packet with an NFQNL_MSG_VERDICT message whose nested NFQA_VLAN attribute is incomplete, for instance one that carries NFQA_VLAN_PROTO but no NFQA_VLAN_TCI; nfqa_parse_bridge() returns -EINVAL for this, and nfqnl_recv_verdict() propagates the error without releasing the dequeued entry. Each such verdict removes the entry from the queue (it can no longer be re-delivered or dropped) while its memory and device references remain allocated. To observe the leak, watch kernel memory usage and the skbuff slab caches in /proc/slabinfo grow with the number of malformed verdicts, and note that the bridge or member interface cannot subsequently be deleted because its reference count never returns to zero.
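The ownership rule that the bug violates, as an added userspace model written for this page (it is not kernel code): once find_dequeue_entry() hands an entry to the verdict handler, every exit path of that handler owns the entry and must release it. The names find_dequeue_entry, nfqa_parse_bridge, PF_BRIDGE and the NFQA_VLAN attribute check mirror the kernel's; the queue, entry and device structures, queue_entry_free() and the other helpers are this model's own assumptions, and the release helper stands in for whatever the real fix uses to drop the entry and its references. The `fixed` flag selects the hardened path so that the leak can be counted side by side with the corrected behaviour.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

#define PF_BRIDGE 7 /* same value as in <linux/socket.h> */

/* Stand-in for a net_device: every queued entry holds a reference on it. */
struct net_device { int refcnt; };

/* Stand-in for struct nf_queue_entry together with its socket buffer. */
struct queue_entry {
    unsigned int id;
    int pf;                   /* protocol family of the hook the packet came from */
    struct net_device *indev; /* reference taken when the packet was queued */
    void *skb;                /* stands in for the sk_buff */
    struct queue_entry *next;
};

struct queue { struct queue_entry *head; int live_entries; };

/* Queue a PF_BRIDGE packet that arrived on dev (constructed test input). */
static void enqueue_bridge_packet(struct queue *q, struct net_device *dev, unsigned int id)
{
    struct queue_entry *e = calloc(1, sizeof *e);
    e->id = id;
    e->pf = PF_BRIDGE;
    e->indev = dev;
    dev->refcnt++;          /* models the dev_hold() done when the entry is queued */
    e->skb = malloc(64);
    e->next = q->head;
    q->head = e;
    q->live_entries++;
}

/* Unlink and return the entry with this id; from here on the caller owns it. */
static struct queue_entry *find_dequeue_entry(struct queue *q, unsigned int id)
{
    for (struct queue_entry **pp = &q->head; *pp; pp = &(*pp)->next) {
        if ((*pp)->id == id) {
            struct queue_entry *e = *pp;
            *pp = e->next;
            return e;
        }
    }
    return NULL;
}

/* Drop the device reference, free the skb and the entry: what every exit path must do. */
static void queue_entry_free(struct queue *q, struct queue_entry *e)
{
    e->indev->refcnt--;
    free(e->skb);
    free(e);
    q->live_entries--;
}

/* The VLAN-related attributes of one NFQNL_MSG_VERDICT message. */
struct verdict_attrs {
    bool has_vlan;       /* nested NFQA_VLAN attribute present */
    bool has_vlan_tci;   /* NFQA_VLAN_TCI inside it */
    bool has_vlan_proto; /* NFQA_VLAN_PROTO inside it */
};

/* Same rule as nfqa_parse_bridge(): NFQA_VLAN needs both TCI and PROTO, else -EINVAL. */
static int parse_bridge_attrs(const struct verdict_attrs *a)
{
    if (a->has_vlan && (!a->has_vlan_tci || !a->has_vlan_proto))
        return -EINVAL;
    return 0;
}

/* Verdict handler in the vulnerable shape: the early return after the dequeue
 * drops the only pointer to the entry. With fixed=true the entry is released first. */
static int recv_verdict(struct queue *q, unsigned int id,
                        const struct verdict_attrs *a, bool fixed)
{
    struct queue_entry *e = find_dequeue_entry(q, id);
    if (!e)
        return -ENOENT;
    if (e->pf == PF_BRIDGE) {
        int err = parse_bridge_attrs(a);
        if (err < 0) {
            if (fixed)
                queue_entry_free(q, e); /* hardened: release before bailing out */
            return err;                 /* unfixed: entry, skb and dev reference leak */
        }
    }
    queue_entry_free(q, e); /* stands in for the normal reinject/drop path */
    return 0;
}

/* Queue three bridge packets, answer each with a malformed verdict (NFQA_VLAN carrying
 * only NFQA_VLAN_PROTO) and report how many entries are still pinned afterwards. */
static int pinned_after_bad_verdicts(bool fixed)
{
    struct net_device br0 = { 0 };
    struct queue q = { 0 };
    struct verdict_attrs bad = { .has_vlan = true, .has_vlan_tci = false, .has_vlan_proto = true };

    for (unsigned int id = 1; id <= 3; id++)
        enqueue_bridge_packet(&q, &br0, id);
    for (unsigned int id = 1; id <= 3; id++)
        if (recv_verdict(&q, id, &bad, fixed) != -EINVAL)
            abort();
    if (q.live_entries != br0.refcnt) /* each pinned entry is also a held reference on br0 */
        abort();
    return q.live_entries;
}

int main(void)
{
    printf("unfixed: %d entries still pinned\n", pinned_after_bad_verdicts(false));
    printf("fixed:   %d entries still pinned\n", pinned_after_bad_verdicts(true));
    return 0;
}
```

The unfixed path leaves three entries pinned and br0's reference count at three after three rejected verdicts, which is exactly the condition that later blocks interface removal; the fixed path returns both counters to zero. The same discipline applies to any handler that takes an object out of a shared structure before validating the request: validate first, or make the error path release what was dequeued.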

Remediation

The vulnerability has been fixed in the Linux kernel: the error path after the dequeue now releases the entry instead of returning with it still allocated. Users should upgrade to a stable kernel release that includes the fix, and distributions that backport netfilter fixes should pick up the corresponding stable patch.

Added: May 8, 2026, 7:42 PM
Updated: May 8, 2026, 7:42 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 7.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.