9 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – The flag for the discard table is updated, with the pending basechain being deleted. The hook for unregistration is deferred to the commit phase. The same applies to hook updates triggered by the table...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: double hook unregistration in netns path nftreleasehooks is called from the prenetns exit path, which unregisters the hooks. Then, the NETDEVUNREGISTER event is triggered, which unregisters the hooks again...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992689)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992689 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: double hook unregistration in netns path nftreleasehooks is called from...
UBUNTU-CVE-2025-38678
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving...
kernel: netfilter: bpf: must hold reference on net namespace
In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in nfunregisternethook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bpfnflinkrelease+0xda/0x1e0 bpflinkfree+0x139/0x2d0...
UBUNTU-CVE-2022-49558
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: double hook unregistration in netns path nftreleasehooks is called from prenetns exit path which unregisters the hooks, then the NETDEVUNREGISTER event is triggered which unregisters the hooks again. 565.2214...
kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion
This CVE involves a flaw in the Linux kernel's nftables component, part of the Netfilter framework used for packet filtering and firewall functionalities. The vulnerability arises when a table's dormant flag is updated while there's a pending deletion of a base chain. In such cases, the...
CVE-2021-47452
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: skip netdev events generated on netns removal syzbot reported following harmless WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nftnetdevunregisterhooks net/netfilter/nftablesapi.c:230 inline...
CVE-2021-47452
CVE-2021-47452: In the Linux kernel, nf_tables netdev event handling during net namespace removal could lead to a redundant UNREGISTER notifier action because the base hook was removed too late. The issue is a sequence/order problem in the notifier vs .pre_exit hook, which could cause an attempt ...