References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

netfilter: bpf: defer hook memory release until rcu readers are done

Yiming Qian reports UaF when concurrent process is dumping hooks via
nfnetlink_hooks:

BUG: KASAN: slab-use-after-free in nfnl_hook_dump_one.isra.0+0xe71/0x10f0
Read of size 8 at addr ffff888003edbf88 by task poc/79
Call Trace:
 <TASK>
 nfnl_hook_dump_one.isra.0+0xe71/0x10f0
 netlink_dump+0x554/0x12b0
 nfnl_hook_get+0x176/0x230
 [..]

Defer release until after concurrent readers have completed.

https://git.kernel.org/stable/c/24f90fa3994b992d1a09003a3db2599330a5232a

https://git.kernel.org/stable/c/54244d54a971c26a0cd0a9073460ff71f3c51b32

https://git.kernel.org/stable/c/c25e0dec366ae99b7264324ce3c7cbaea34691f9

https://git.kernel.org/stable/c/cb2bf5efdb02a2a59faf603604a1066e8266f349

https://git.kernel.org/stable/c/d016c216bc75c45128160593a77b864a04dbe7c0