Flaw in Packet Filtering Code
A critical vulnerability has been discovered in the Linux kernel’s nf_tables packet filtering subsystem. The flaw, caused by a single inverted character in a conditional check, allows an unprivileged local user to escalate privileges to root and even break out of container environments. The vulnerability affects any Linux system that has both nf_tables and unprivileged user namespaces enabled, which is the default configuration on most desktop distributions and many server installations.
Exploitation and Impact
Security researcher Oliver Sieber from Exodus Intelligence discovered the vulnerability in early 2025 and developed a full working exploit. The technique triggers a use-after-free condition, bypasses the kernel’s built-in memory protections, and grants the attacker root-level access. FuzzingLabs independently reproduced the bug and created their own exploit using a different approach. The exploit has been demonstrated working on Debian Bookworm, Debian Trixie, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. While this vulnerability does not allow remote exploitation on its own, it can be leveraged after an attacker gains initial access, turning a low-privilege shell or compromised container into a full host compromise. The upstream fix was released on February 5, 2026. Users should verify their kernel packages include this fix and reboot immediately.
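The article names two preconditions for reachability: nf_tables available and unprivileged user namespaces allowed. The following script, added here and not taken from the article or the researchers, checks whether a host meets both so an administrator can triage exposure before the patched kernel is rolled out. It assumes the kmod `modinfo`, util-linux `unshare` and `sysctl` tools are installed, and that the sysctl names are the upstream `user.max_user_namespaces` and the Debian/Ubuntu-specific `kernel.unprivileged_userns_clone`.

```shell
#!/bin/sh
# Exposure triage for the nf_tables flaw (added example, not the article's own code).
# Run as an ordinary user: the live user-namespace probe is only meaningful unprivileged.

# Pure decision logic, separated so it can be tested without probing the host.
# $1: yes/no nf_tables available; $2: yes/no unprivileged user namespace creation works.
assess_exposure() {
    case "$1/$2" in
        yes/yes) echo "EXPOSED: nf_tables available and unprivileged userns allowed" ;;
        yes/no)  echo "REDUCED: nf_tables available but unprivileged userns blocked" ;;
        *)       echo "NOT EXPOSED: nf_tables not available" ;;
    esac
}

# "Available" deliberately includes a module that is merely on disk (modinfo finds it),
# since a loadable module may be loaded on demand later; only its absence removes the
# precondition. /sys/module covers the already-loaded case.
nf_tables_available() {
    if [ -d /sys/module/nf_tables ] || modinfo -n nf_tables >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

# Live probe: try to create a user namespace as the current user. This is authoritative
# regardless of which sysctl or LSM policy a distribution uses to gate it.
userns_unprivileged_allowed() {
    if unshare -Ur true 2>/dev/null; then echo yes; else echo no; fi
}

report() {
    echo "kernel release:                   $(uname -r)"
    echo "user.max_user_namespaces:         $(sysctl -n user.max_user_namespaces 2>/dev/null || echo n/a)"
    echo "kernel.unprivileged_userns_clone: $(sysctl -n kernel.unprivileged_userns_clone 2>/dev/null || echo n/a)"
    assess_exposure "$(nf_tables_available)" "$(userns_unprivileged_allowed)"
}

report
```

The verdict line is the script's output for fleet scanning; the sysctl lines are shown for context only, because the live probe already reflects whatever mechanism gates user namespaces on that distribution.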
Source: The Hacker News
