In the Linux kernel, the following vulnerability has been...
Unreviewed
Published Apr 28, 2024 to the GitHub Advisory Database • Updated Apr 28, 2024
Published by the National Vulnerability Database: Apr 28, 2024
Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()

syzbot is reporting underflow of nft_counters_enabled counter at
nf_tables_addchain() [1], for commit 43eb8949cfdffa76 ("netfilter:
nf_tables: do not leave chain stats enabled on error") missed that
nf_tables_chain_destroy() after nft_basechain_init() in the error path of
nf_tables_addchain() decrements the counter because nft_basechain_init()
makes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.

Increment the counter immediately after returning from
nft_basechain_init().
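
The ordering problem described in the commit message, reduced to a userspace C model (an added example, not the kernel patch and not code from this advisory). The `model_*` names, the plain `int` counter and the `later_step_fails` switch are assumptions made for illustration, and the model assumes every chain has stats enabled.

```c
/* Userspace model of the counter imbalance; not kernel code.
 * All model_* names and the later_step_fails knob are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define MODEL_CHAIN_BASE 0x1      /* stands in for NFT_CHAIN_BASE */

struct model_chain { unsigned int flags; };

static int counters_enabled;      /* stands in for nft_counters_enabled */

/* Like nft_basechain_init(): sets the base-chain flag on the chain. */
static void model_basechain_init(struct model_chain *c)
{
    c->flags |= MODEL_CHAIN_BASE;
}

/* Like nf_tables_chain_destroy(): a base chain gives its count back.
 * Assumption: stats are always enabled in this model. */
static void model_chain_destroy(struct model_chain *c)
{
    if (c->flags & MODEL_CHAIN_BASE)
        counters_enabled--;
}

/* Runs one addchain attempt from a zeroed counter and returns the result.
 * fixed=false: increment only at the end of the success path (old order).
 * fixed=true:  increment immediately after base-chain init (fixed order). */
static int model_addchain(bool fixed, bool later_step_fails)
{
    struct model_chain c = { 0 };

    counters_enabled = 0;
    model_basechain_init(&c);
    if (fixed)
        counters_enabled++;
    if (later_step_fails) {       /* error path taken after init */
        model_chain_destroy(&c);
        return counters_enabled;
    }
    if (!fixed)
        counters_enabled++;
    return counters_enabled;
}

int main(void)
{
    printf("old order, error path:   %d\n", model_addchain(false, true));
    printf("fixed order, error path: %d\n", model_addchain(true, true));
    return 0;
}
```

With the old order the error path leaves the counter below zero, while the fixed order keeps every decrement paired with an earlier increment.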