Linux · Linux Kernel · CVE-2024-26925
**Name of the Vulnerable Software and Affected Versions**
Linux Kernel versions 6.5 through 6.9-rc3
**Description**
The issue is a locking problem in the `nf_tables_abort()` function of the netfilter subsystem in the Linux kernel. This problem can allow an attacker to impact the confidentiality, integrity, and availability of protected information. The commit mutex must not be released during the critical section between `nft_gc_seq_begin()` and `nft_gc_seq_end()`; otherwise an async GC worker could collect expired objects and acquire the released commit lock within the same GC sequence. The `nf_tables_module_autoload()` function temporarily releases the mutex to load module dependencies and then replays the transaction. Moving that call to the end of the abort phase, after `nft_gc_seq_end()` is called, resolves the issue.
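The sequence check the description relies on, as an added, constructed model that is not part of this advisory or of the kernel source: the worker snapshots the counter, the counter is bumped at begin and end, and the only thing that differs between the two layouts is where the mutex release sits. Names are simplified stand-ins for the kernel's `nft_gc_seq_begin()`, `nft_gc_seq_end()` and `commit_mutex`.

```c
/* Constructed single-threaded model of the GC-sequence check described above;
 * illustration only, not kernel code (no real mutex, work queue or atomics). */
#include <stdbool.h>
#include <stdio.h>

static unsigned int gc_seq;        /* models nft_net->gc_seq */
static bool commit_mutex_held;     /* models nft_net->commit_mutex */

/* Counter is bumped on entry (odd = busy) and again on exit. */
static unsigned int gc_seq_begin(void) { return ++gc_seq; }
static void gc_seq_end(unsigned int seq) { gc_seq = seq + 1; }

/* Async GC worker committing a batch collected while gc_seq == seq. It needs
 * the commit mutex and discards the batch if the sequence moved meanwhile. */
static bool gc_worker_commit(unsigned int seq)
{
    if (commit_mutex_held)          /* would block on the mutex */
        return false;
    return gc_seq == seq;           /* unchanged sequence: batch accepted */
}

/* Abort path. release_inside_window places the temporary mutex release for
 * module autoload inside the begin/end window (vulnerable layout) or after
 * gc_seq_end() (fixed layout). Returns true when a batch the worker took
 * during the window passes the check, i.e. stale objects get committed. */
static bool abort_path(bool release_inside_window)
{
    bool gc_committed = false;
    commit_mutex_held = true;
    unsigned int seq = gc_seq_begin();
    unsigned int worker_seq = gc_seq;   /* worker snapshots the busy seq */
    if (release_inside_window) {
        commit_mutex_held = false;      /* request_module() window */
        gc_committed = gc_worker_commit(worker_seq);
        commit_mutex_held = true;
    }
    gc_seq_end(seq);
    commit_mutex_held = false;          /* release only after gc_seq_end() */
    if (!release_inside_window)
        gc_committed = gc_worker_commit(worker_seq);
    return gc_committed;
}

int main(void)
{
    printf("release inside window: stale batch accepted = %d\n", abort_path(true));
    printf("release after end:     stale batch accepted = %d\n", abort_path(false));
    return 0;
}
```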
**Recommendations**
As a temporary workaround, consider disabling the `nf_tables_abort()` function until a patch is available.
Restrict access to the netfilter subsystem to minimize the risk of exploitation.
Update to a version of the Linux kernel that includes the fix for this issue, which involves moving the mutex release to the end of the abort phase, after `nft_gc_seq_end()` is called.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.