The vulnerability resides in the `nf_tables` component of the Linux kernel's netfilter subsystem. When a chain's flags do not include `NFT_CHAIN_HW_OFFLOAD`, `nft_flow_rule_create` is never called, so the `flow` variable stays NULL. If a later step fails and the code jumps to the `err_destroy_flow_rule` label, it calls `nft_flow_rule_destroy` on that NULL `flow` pointer, causing a NULL pointer dereference.

To fix this, the patch adds a check so that `nft_flow_rule_destroy` is called only when the `flow` pointer is non-NULL. This prevents the dereference and resolves the vulnerability.

The affected file is `net/netfilter/nf_tables_api.c`. The issue was introduced in kernel version 5.13.2 with commit 09b1f676e2e0 and fixed in version 5.13.5 with commit 70a5a1950cca. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this and other issues, rather than cherry-picking individual commits.
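As an added example (not the advisory's text or the kernel's own code), the following user-space C model reproduces the error path described above, with the pre-fix and patched cleanup side by side. The struct layouts, the `inject_error` hook, the `fixed` switch and the `null_derefs_on_error` helper are constructed for the model; the bit value of `NFT_CHAIN_HW_OFFLOAD` is assumed, and `nft_flow_rule_destroy` counts a NULL argument instead of crashing so the pre-fix path can be exercised.

```c
#include <stdbool.h>
#include <stdlib.h>
#define NFT_CHAIN_HW_OFFLOAD (1 << 1)        /* bit value assumed for the model */
struct nft_chain { unsigned int flags; };
struct nft_flow_rule { int placeholder; }; /* constructed stand-in */
static int null_deref_count;  /* teardowns of NULL: a kernel oops in reality */
static int destroyed_count;   /* real teardowns, to check nothing leaks */
static struct nft_flow_rule *nft_flow_rule_create(void)
{
    return calloc(1, sizeof(struct nft_flow_rule));
}
/* The real function dereferences `flow`; NULL is counted here instead of crashing. */
static void nft_flow_rule_destroy(struct nft_flow_rule *flow)
{
    if (!flow) { null_deref_count++; return; }
    destroyed_count++;
    free(flow);
}
/* Simplified nf_tables_newrule: `inject_error` stands in for any failure after
 * the flow rule may have been created; `fixed` selects the patched cleanup. */
static int newrule(const struct nft_chain *chain, bool inject_error, bool fixed)
{
    struct nft_flow_rule *flow = NULL;
    if (chain->flags & NFT_CHAIN_HW_OFFLOAD) { /* otherwise flow stays NULL */
        flow = nft_flow_rule_create();
        if (!flow)
            return -1;
    }
    if (inject_error)
        goto err_destroy_flow_rule;
    free(flow);   /* model only: the kernel hands flow to the transaction */
    return 0;
err_destroy_flow_rule:
    if (fixed) {
        if (flow)                    /* the fix: destroy only what was created */
            nft_flow_rule_destroy(flow);
    } else {
        nft_flow_rule_destroy(flow); /* pre-fix: NULL whenever offload is off */
    }
    return -1;
}
/* Runs the failing path once; returns how many NULL teardowns it caused. */
static int null_derefs_on_error(unsigned int chain_flags, bool fixed)
{
    struct nft_chain chain = { .flags = chain_flags };
    null_deref_count = destroyed_count = 0;
    newrule(&chain, true, fixed);
    return null_deref_count;
}
```

With hardware offload off, the pre-fix cleanup tears down a NULL flow once; with offload on, both variants destroy the one flow that was created and leak nothing.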