CVE-2021-47452

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the netfilter component of the Linux kernel, specifically with the nf tables subsystem. When netns device exit hooks create an UNREGISTER event, the .pre exit hook for nf tables core has already removed the base hook, causing the notifier to attempt to remove it again. This was previously necessary because the notifier was the last stage where reg->dev dereference was safe, but now that nf tables does the hook removal in .pre exit, this is no longer needed. A reproducer is provided using the unshare command and nft commands to add a table and chain, demonstrating the issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.