In the nfnetlink_rcv_batch function, an uninitialized local variable extack is used, which results in using random stack data as a pointer. This pointer is then used to access the data it points to and return it as the request status, leading to an information leak. If the stack data happens to be an invalid pointer, it can cause a pointer access exception, triggering a kernel crash. Signed-off-by: icejl <icejl0001@xxxxxxxxx> --- net/netfilter/nfnetlink.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index 4abf660c7baf..b29b281f4b2c 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c @@ -427,6 +427,7 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh, nfnl_unlock(subsys_id); + memset(&extack, 0, sizeof(extack)); if (nlh->nlmsg_flags & NLM_F_ACK) nfnl_err_add(&err_list, nlh, 0, &extack); -- 2.34.1
