kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head

A NULL pointer dereference flaw was found in the Linux kernel’s netfilter subsystem. The issue could occur due to an error in nftablesupdtable while freeing a transaction object not placed on the list head. This flaw allows a local, unprivileged user to crash the system, resulting in a denial of...

CVE-2023-1095

In nftablesupdtable, if nftablestableenable returns an error, nfttransdestroy is called to free the transaction object. nfttransdestroy calls listdel, but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference...

CVE-2023-1095

In nftablesupdtable, if nftablestableenable returns an error, nfttransdestroy is called to free the transaction object. nfttransdestroy calls listdel, but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference...

CVE-2023-1095

In nftablesupdtable, if nftablestableenable returns an error, nfttransdestroy is called to free the transaction object. nfttransdestroy calls listdel, but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference...