Linux Kernel Netfilter nf_tables Netlink Hook Unregistration Vulnerability

A vulnerability in the Linux kernel's netfilter component, specifically within the nf_tables subsystem, has been addressed. The issue arose because the functions nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks did not properly remove netlink hooks from their lists using the appropriate RCU-safe function. This oversight could lead to inconsistencies when the list was accessed by concurrent processes. The vulnerability has been resolved by introducing a new helper function that correctly removes the hooks and can be safely used in a concurrent context.

Impact

The vulnerability could lead to a use-after-free condition, where a freed memory area is accessed, potentially causing memory corruption or allowing the execution of arbitrary code.