An issue was discovered in netfilter in the Linux kernel...
Moderate severity
Unreviewed
Published
May 22, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
May 21, 2023
Published to the GitHub Advisory Database
May 22, 2023
Last updated
Apr 4, 2024
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.
References