Name of the Vulnerable Software and Affected Versions:

Linux kernel versions 5.14 through 6.6

Description:

A use-after-free vulnerability in the Linux kernel's netfilter: nf tables component can be exploited to achieve local privilege escalation. The nft verdict init() function allows positive values as drop error within the hook verdict, and hence the nf hook slow() function can cause a double free vulnerability when NF DROP is issued with a drop error which resembles NF ACCEPT. This vulnerability can be exploited by an authorized user on the system to elevate their privileges to the level of root. A publicly available exploit exists for this vulnerability, and instances of its exploitation have been recorded.

Recommendations:

To resolve the issue, upgrade past commit f342de4e2f33e0e39165d8639387aa6c19dff660. As a temporary workaround, consider disabling the `nft verdict init()` function until a patch is available. Restrict access to the vulnerable `nf tables` module to minimize the risk of exploitation. Avoid using the `NF DROP` parameter in the affected API endpoint until the issue is resolved.