Dong Chenchen

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.12.0-rc6-00077-g2e1b3cc9d7f7 **Description** A vulnerability in the Linux kernel has been resolved, which could trigger an ip rt bug when an arp link failure occurs while xfrm is enabled. The issue arises from the icmp route lookup function creating input routes for locally generated packets while xfrm relooks up ICMP traffic, and then setting the input route to skb for DESTUNREACH. This problem can be reproduced with a specific script that configures xfrm policies and generates ICMP traffic. Generally, xfrm relookup verification is not required on loopback interfaces. **Recommendations** To resolve this issue, skip icmp relookup for locally generated packets by setting net.ipv4.conf.lo.disable xfrm = 1 on loopback interfaces. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: The issue is related to a use-after-free vulnerability in the `get info()` function of the Linux kernel's netfilter component. This vulnerability can be triggered by concurrent execution of module unload and `get info()` calls, leading to a potential impact on the confidentiality, integrity, and availability of protected information. The root cause of the issue is due to the removal of the `xt table` module from the `xt templates` list while still trying to access its memory. Recommendations: To resolve the issue, update to Linux kernel version 6.6.61 or later. As a temporary workaround, consider disabling the `ip6table nat` module until a patch is available. Restrict access to the vulnerable `get info()` function to minimize the risk of exploitation. Avoid using the `xt find table lock` function in the affected API endpoint until the issue is resolved.