A recent vulnerability in the Linux kernel, a memory leak in the nf_tables module of the netfilter subsystem, has been resolved. The leak occurs in the map from the abort path.

The vulnerability is found in the delete set command and is caused by the improper use of the transaction object for element removal. In particular, a combination of delete element and delete set from the abort path could result in restoring the refcount of the mapping twice. This leads to a memory leak that can be exploited by attackers.

To address this issue, the kernel developers added a check to the abort path of the delete element command: it tests whether the element is inactive in the next generation. The state is not restored if the next generation bit has already been cleared. This solution is identical to the activate logic using the set walk iterator.
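The double restore and the guard described above can be followed in a small userspace model. This is an added example, not kernel code: the structures, function names and the single-element map are hypothetical simplifications, and it assumes the abort path undoes the batch in reverse order.

```c
#include <stdbool.h>
#include <stdio.h>

#define GEN_NEXT 0x2u /* bit set = element inactive in the next generation */

struct chain { int use; };                       /* refcount held by map elements */
struct elem  { unsigned genmask; struct chain *target; };

static bool active_next(const struct elem *e) { return !(e->genmask & GEN_NEXT); }

/* Delete element: mark inactive in the next generation, drop the chain reference. */
static void elem_deactivate(struct elem *e) { e->genmask |= GEN_NEXT; e->target->use--; }

/* Restore on abort: clear the next-generation bit, take the reference back. */
static void elem_restore(struct elem *e) { e->genmask &= ~GEN_NEXT; e->target->use++; }

/* Abort of "delete set": the set walk skips elements that are already active. */
static void abort_delset(struct elem *e)
{
    if (!active_next(e))
        elem_restore(e);
}

/* Abort of "delete element": guarded == false models the behaviour before the fix. */
static void abort_delsetelem(struct elem *e, bool guarded)
{
    if (guarded && active_next(e))
        return;                 /* next-generation bit already cleared: skip */
    elem_restore(e);
}

/* Delete element, then delete set, then abort both in reverse order. */
int run_batch(bool guarded)
{
    struct chain c = { .use = 1 };
    struct elem e = { .genmask = 0, .target = &c };

    elem_deactivate(&e);            /* delete element: use 1 -> 0 */
    /* delete set: the element is already inactive, nothing more to drop */
    abort_delset(&e);               /* undo delete set: use 0 -> 1 */
    abort_delsetelem(&e, guarded);  /* undo delete element */
    return c.use;                   /* 1 = balanced, 2 = reference restored twice */
}

int main(void)
{
    printf("unguarded abort: use=%d\n", run_batch(false));
    printf("guarded abort:   use=%d\n", run_batch(true));
    return 0;
}
```

A count that ends above its starting value can never drop to zero, so the object it protects is never released, which is the leak the fix removes.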

The following excerpt from the kernel log provides an overview of the issue:

[ 617.286929] ------------[ cut here ]------------
[ 617.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+x1f7/x220 [nf_tables]
[ 617.287071] Modules linked in: [...]
...
[ 617.287962] Call Trace:
[ 617.287967]  <TASK>
[ 617.287973]  ? __warn+x9f/x1a
[ 617.287986]  ? nf_tables_chain_destroy+x1f7/x220 [nf_tables]
[ 617.288092]  ? report_bug+x1b1/x1e
[ 617.288104]  ? handle_bug+x3c/x70
[ 617.288112]  ? exc_invalid_op+x17/x40
[ 617.288120]  ? asm_exc_invalid_op+x1a/x20
[ 617.288132]  ? nf_tables_chain_destroy+x2b/x220 [nf_tables]
[ 617.288243]  ? nf_tables_chain_destroy+x1f7/x220 [nf_tables]
[ 617.288366]  ? nf_tables_chain_destroy+x2b/x220 [nf_tables]
[ 617.288483]  nf_tables_trans_destroy_work+x588/x590 [nf_tables]

For more information on the vulnerability and its resolution, consult the original references and resources:

- Linux kernel source code
- Linux kernel mailing list
- nf_tables module documentation

Exploit details

- The vulnerability can be exploited by attackers who have the ability to craft specific network traffic, which may cause the affected system to crash or become unstable.

Remote exploitation is less likely but should not be ruled out.

- Systems running affected Linux kernel releases should be patched for this vulnerability as soon as possible.

To protect your system from this vulnerability, ensure you are running a patched version of the Linux kernel, and keep your software up to date.

Timeline

Published on: 05/01/2024 06:15:19 UTC
Last modified on: 05/29/2024 05:26:59 UTC