Missing Initialization of Resource
CVE-2022-1016
Summary
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-909 - Missing Initialization of Resource
The software does not initialize a critical resource.
References
Advisory Timeline
- Published