7.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
Use-after-free in Linux kernel's netfilter: nf_tables component
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b… patch
- https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b… patch
- https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b… patch x_transferred
- https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 x_transferred
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b… patch
- https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7
- https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7 x_transferred
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b… patch x_transferred
Affected products
- <6.8
Matching in nixpkgs
pkgs.coq-kernel
None
pkgs.kernelshark
GUI for trace-cmd which is an interface for the Linux kernel ftrace subsystem
-
nixos-unstable -
- nixpkgs-unstable 2.4.0
pkgs.linuxPackages.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxPackages.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.kernel-hardening-checker
Tool for checking the security hardening options of the Linux kernel
-
nixos-unstable -
- nixpkgs-unstable 0.6.10.2
pkgs.linuxPackages.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxPackages_lqx.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.5
pkgs.linuxPackages_zen.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.5
pkgs.python312Packages.kernels
Load compute kernels from the Huggingface Hub
-
nixos-unstable -
- nixpkgs-unstable 0.10.0
pkgs.python313Packages.kernels
Load compute kernels from the Huggingface Hub
-
nixos-unstable -
- nixpkgs-unstable 0.10.0
pkgs.linuxPackages.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.linuxPackages-libre.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxPackages-libre.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.python312Packages.ipykernel
IPython Kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 6.30.1
pkgs.python313Packages.ipykernel
IPython Kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 6.30.1
pkgs.linuxPackages_latest.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.linuxPackages_lqx.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxPackages_xanmod.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxPackages_xanmod.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.linuxPackages_zen.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.python312Packages.nix-kernel
Simple jupyter kernel for nix-repl
-
nixos-unstable -
- nixpkgs-unstable 2020-04-26
pkgs.python313Packages.nix-kernel
Simple jupyter kernel for nix-repl
-
nixos-unstable -
- nixpkgs-unstable 2020-04-26
pkgs.python312Packages.bash-kernel
Bash Kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 0.10.0
pkgs.python313Packages.bash-kernel
Bash Kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 0.10.0
pkgs.haskellPackages.ipython-kernel
A library for creating kernels for IPython frontends
-
nixos-unstable -
- nixpkgs-unstable 0.11.0.0
pkgs.linuxPackages-libre.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxPackages_lqx.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.5
pkgs.linuxPackages_zen.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.5
pkgs.rocmPackages.composable_kernel
Performance portable programming model for machine learning tensor operators
-
nixos-unstable -
- nixpkgs-unstable 6.4.0-unstable-2024-12-20
pkgs.linuxPackages_latest.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxPackages_xanmod.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.gnomeExtensions.kernel-indicator
Display the kernel version in the top bar
-
nixos-unstable -
- nixpkgs-unstable 4
pkgs.linuxPackages-libre.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.python312Packages.ansible-kernel
Ansible kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 1.0.0
pkgs.python312Packages.spyder-kernels
Jupyter kernels for Spyder's console
-
nixos-unstable -
- nixpkgs-unstable 3.1.0b1
pkgs.python313Packages.ansible-kernel
Ansible kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 1.0.0
pkgs.python313Packages.spyder-kernels
Jupyter kernels for Spyder's console
-
nixos-unstable -
- nixpkgs-unstable 3.1.0b1
pkgs.rocmPackages_6.composable_kernel
Performance portable programming model for machine learning tensor operators
-
nixos-unstable -
- nixpkgs-unstable 6.4.0-unstable-2024-12-20
pkgs.linuxPackages_latest.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
pkgs.linuxPackages_xanmod.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.linuxPackages_latest-libre.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.python312Packages.jupyter-c-kernel
Minimalistic C kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.python313Packages.jupyter-c-kernel
Minimalistic C kernel for Jupyter
-
nixos-unstable -
- nixpkgs-unstable 1.2.2
pkgs.linuxPackages_xanmod_stable.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.linuxPackages_latest-libre.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_5_4.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-5.4.299
pkgs.linuxKernel.packages.linux_5_4.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-5.4.299
pkgs.linuxKernel.packages.linux_6_1.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.1.152
pkgs.linuxKernel.packages.linux_6_1.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.1.152
pkgs.linuxKernel.packages.linux_6_6.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.6.106
pkgs.linuxKernel.packages.linux_6_6.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.6.106
pkgs.linuxKernel.packages.linux_lqx.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.5
pkgs.linuxKernel.packages.linux_zen.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.5
pkgs.linuxPackages_xanmod_stable.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_5_10.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-5.10.244
pkgs.linuxKernel.packages.linux_5_10.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-5.10.244
pkgs.linuxKernel.packages.linux_5_15.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-5.15.193
pkgs.linuxKernel.packages.linux_5_15.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-5.15.193
pkgs.linuxKernel.packages.linux_6_12.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxKernel.packages.linux_6_12.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.linuxKernel.packages.linux_6_16.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.linuxPackages_latest-libre.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
pkgs.linuxKernel.packages.linux_libre.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxKernel.packages.linux_libre.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.linuxPackages_xanmod_stable.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
pkgs.home-assistant-component-tests.hardkernel
Open source home automation that puts local control and privacy first
-
nixos-unstable -
- nixpkgs-unstable 2025.9.3
pkgs.linuxKernel.packages.linux_5_4.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_6_1.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_6_6.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_lqx.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_xanmod.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.47
pkgs.linuxKernel.packages.linux_xanmod.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.47
pkgs.linuxKernel.packages.linux_zen.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_5_10.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_5_15.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_6_12.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_6_16.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_5_4.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-5.4.299
pkgs.linuxKernel.packages.linux_6_1.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.1.152
pkgs.linuxKernel.packages.linux_6_6.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.6.106
pkgs.linuxKernel.packages.linux_hardened.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.43
pkgs.linuxKernel.packages.linux_hardened.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.43
pkgs.linuxKernel.packages.linux_libre.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_lqx.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.5
pkgs.linuxKernel.packages.linux_zen.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.5
pkgs.linuxKernel.packages.linux_5_10.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-5.10.244
pkgs.linuxKernel.packages.linux_5_15.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-5.15.193
pkgs.linuxKernel.packages.linux_6_12.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.linuxKernel.packages.linux_6_16.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
pkgs.linuxKernel.packages.linux_xanmod.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_libre.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.linuxKernel.packages.linux_hardened.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_xanmod.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.47
pkgs.linuxKernel.packages.linux_latest_libre.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_2
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.2.8-6.12.43
pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.12.43
pkgs.linuxKernel.packages.linux_hardened.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.43
pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_2_3
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.3.4-6.16.7
pkgs.linuxKernel.packages.linux_latest_libre.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_6_12_hardened.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_xanmod_stable.linux-gpib
Support package for GPIB (IEEE 488) hardware
-
nixos-unstable -
- nixpkgs-unstable 4.3.6
pkgs.linuxKernel.packages.linux_latest_libre.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
pkgs.linuxKernel.packages.linux_6_12_hardened.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.12.43
pkgs.linuxKernel.packages.linux_xanmod_stable.zfs_unstable
ZFS Filesystem Linux Kernel Module
-
nixos-unstable -
- nixpkgs-unstable 2.4.0-rc1-6.16.7
Package maintainers
-
@honnip Jung seungwoo <me@honnip.page>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
-
@erdnaxe Alexandre Iooss <erdnaxe@crans.org>
-
@basvandijk Bas van Dijk <v.dijk.bas@gmail.com>
-
@Sigmanificient Yohann Boniface <sigmanificient@gmail.com>
-
@fsagbuya Florian Agbuya <fa@m-labs.ph>
-
@adamcstephens Adam C. Stephens <happy.plan4249@valkor.net>
-
@amarshall Andrew Marshall <andrew@johnandrewmarshall.com>
-
@zimbatm zimbatm <zimbatm@zimbatm.com>
-
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
-
@natsukium Tomoya Otabi <nixpkgs@natsukium.com>
-
@thomasjm Tom McLaughlin <tom@codedown.io>
-
@osbm Osman Bayram <osmanfbayram@gmail.com>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@Flakebi Sebastian Neubauer <flakebi@t-online.de>
-
@mschwaig Martin Schwaighofer <mschwaig+nixpkgs@eml.cc>
-
@GZGavinZhao Gavin Zhao