CVE-2024-50257

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61

Description: The issue is related to a use-after-free vulnerability in the get info() function of the Linux kernel's netfilter component. This vulnerability can be triggered by concurrent execution of module unload and get info() calls, leading to a potential impact on the confidentiality, integrity, and availability of protected information. The root cause of the issue is due to the removal of the xt table module from the xt templates list while still trying to access its memory.

Recommendations: To resolve the issue, update to Linux kernel version 6.6.61 or later. As a temporary workaround, consider disabling the ip6table nat module until a patch is available. Restrict access to the vulnerable get info() function to minimize the risk of exploitation. Avoid using the xt find table lock function in the affected API endpoint until the issue is resolved.