2025-02-26 02:14:06
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasnt found before because the conntrack entry and the extension space used to freed after an rcu grace period, plus the race needs events enabled to trigger.