Denial of Service Vulnerability in Linux Kernel's nft_flush_table Function

Denial of Service Vulnerability in Linux Kernel's nft_flush_table Function

CVE-2015-1573 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.