Impact
The vulnerability is a use‑after‑free in the Netfilter NAT subsystem of the Linux kernel. When NAT hook structures are freed with kfree_rcu, the nfnetlink hook dump subsystem may still reference the memory, leading to a dangling pointer that can corrupt kernel memory or trigger a crash. The official narrative does not indicate arbitrary code execution or privilege escalation, so the impact is primarily limited to memory corruption and potential denial of service.
Affected Systems
All Linux kernel releases incorporating the Netfilter NAT hook subsystem prior to the nf_nat_register_fn patch are affected. The issue first materialized in kernel version 5.14 when userspace hook dumping was added, and any distribution shipping an unpatched kernel in that range remains vulnerable until the fix is applied. The vulnerable code path is present in the general Linux kernel tree.
Risk and Exploitability
The CVSS score of 7.8 reflects moderate severity, while the EPSS score of < 1% indicates a very low likelihood of active exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring an actor to invoke the nfnetlink hook dump interface; there is no documented remote exposure. Exploitation would exploit the dangling reference for memory corruption, potentially in a privileged context if the attacker gains elevated Linux rights, but no direct privilege escalation paths are evident in the description.
OpenCVE Enrichment