PT-2024-29822 · Linux+6 · Linux Kernel+6

Takahiro Kawahara · Published 2024-07-31 · Updated 2025-09-29 · CVE-2024-42270

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.50

Description

The vulnerability is related to a null pointer dereference in the iptable_nat_table_init() function. This issue can be triggered when iptables-restore is called at boot time, causing a kernel NULL pointer dereference. The problem arises because iptable_nat_table_init() is exposed to user space before the kernel fully initializes netns. In the small race window, a user could call iptable_nat_table_init() that accesses net_generic(net, iptable_nat_net_id), which is available only after registering iptable_nat_net_ops. To fix this, register_pernet_subsys() should be called before xt_register_template().

Recommendations

To resolve this issue, update the Linux kernel to version 6.6.50 or later. If updating is not possible, consider disabling the iptable_nat_table_init() function until a patch is available. However, this might have significant implications for network functionality and should be carefully considered.

Note: The provided information does not specify the exact versions affected beyond mentioning version 6.6.50 as a fix. Therefore, it is recommended to update to this version or later to ensure the vulnerability is resolved.
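
The ordering problem described above, as an added userspace model that is not kernel code and not part of the original advisory: it issues one table request in the window between the two init steps, first with the template registered before the pernet state and then with the fixed order. All model_* names, the structs and the return codes are assumptions made for illustration.

```c
#include <stdio.h>
/* Userspace model of the init ordering; constructed for illustration, not kernel code. */
struct nat_net { int tables; };          /* stands in for per-netns NAT state */
struct net { struct nat_net *gen; };     /* one slot instead of the kernel's generic array */
static struct nat_net nat_state;
static int (*table_init_cb)(struct net *);  /* non-NULL once the template is visible */

/* Models net_generic(net, iptable_nat_net_id): NULL until pernet ops are registered. */
static struct nat_net *model_net_generic(struct net *net) { return net->gen; }

/* Models register_pernet_subsys(): sets up the per-netns state. */
static void model_register_pernet(struct net *net) { net->gen = &nat_state; }

/* Models iptable_nat_table_init(). Returns -1 at the point where the page
 * describes the kernel dereferencing a NULL pointer. */
static int model_table_init(struct net *net)
{
    struct nat_net *nn = model_net_generic(net);
    if (!nn)
        return -1;
    nn->tables++;
    return 0;
}

/* Models xt_register_template(): user space can now trigger table init. */
static void model_register_template(void) { table_init_cb = model_table_init; }

/* Models a user-space request for the nat table (e.g. iptables-restore). */
static int user_request(struct net *net)
{
    return table_init_cb ? table_init_cb(net) : -2;  /* -2: table not offered yet */
}

/* Issues one request between the two init steps and returns its result. */
int request_in_window(int pernet_first)
{
    struct net net = { NULL };
    int r;
    table_init_cb = NULL;
    if (pernet_first) { model_register_pernet(&net); r = user_request(&net); model_register_template(); }
    else              { model_register_template(); r = user_request(&net); model_register_pernet(&net); }
    return r;
}

int main(void)
{
    printf("template first: %d\n", request_in_window(0));
    printf("pernet first:   %d\n", request_in_window(1));
    return 0;
}
```

With the template registered first, the request in the window reaches table init with no per-netns state; with the pernet state registered first, the same request finds no table on offer and never reaches table init.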

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-11524
ALT-PU-2024-11855
ALT-PU-2024-11863
ALT-PU-2024-13121
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-47814
AZL-47850
BDU:2025-01404
CVE-2024-42270
DLA-4008-1
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2076
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7004-1
USN-7009-1
USN-7009-2
USN-7100-1
USN-7100-2
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu