In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain() syzbot is reporting underflow of nft_counters_enabled counter at nf_tables_addchain() [1], for commit 43eb8949cfdffa76 (“netfilter: nf_tables: do not leave chain stats enabled on error”) missed that nf_tables_chain_destroy() after nft_basechain_init() in the error path of nf_tables_addchain() decrements the counter because nft_basechain_init() makes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag. Increment the counter immediately after returning from nft_basechain_init().
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | linux | < 6.0.2-1 | linux_6.0.2-1_all.deb |
Debian | 11 | all | linux | < 5.10.148-1 | linux_5.10.148-1_all.deb |
Debian | 10 | all | linux | < 4.19.249-2 | linux_4.19.249-2_all.deb |
Debian | 999 | all | linux | < 6.0.2-1 | linux_6.0.2-1_all.deb |
Debian | 13 | all | linux | < 6.0.2-1 | linux_6.0.2-1_all.deb |