A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nft_verdict_init() function, allowing positive values as a drop error within the hook verdict, therefore, the nf_hook_slow() function can cause a double-free vulnerability when NF_DROP is issued with a drop error that resembles NF_ACCEPT. The nf_tables component can be exploited to achieve local privilege escalation (see https://bugzilla.redhat.com/show_bug.cgi?id=2262126).
For details see the SVG Advisory here: https://advisories.egi.eu/Advisory-EGI-SVG-2024-08
Recent Comments