The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c.
5.13.0-19.193.11.0-12.194.13.0-16.194.13.0-17.204.13.0-25.294.13.0-32.354.15.0-10.114.15.0-12.134.15.0-13.146.5.0-9.94.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-10.254.4.0-101.124+64 more4.4.0-127.1536.8.0-31.315.3.0-18.195.3.0-24.265.4.0-9.124.4.0-1001.104.4.0-1003.124.4.0-1004.134.4.0-1007.164.4.0-1009.184.4.0-1011.204.4.0-1012.214.4.0-1013.224.4.0-1016.254.4.0-1017.26+23 more4.4.0-1060.694.4.0-1002.24.4.0-1003.34.4.0-1005.54.4.0-1006.64.4.0-1009.94.4.0-1010.104.4.0-1011.114.4.0-1012.124.4.0-1014.144.4.0-1016.16+2 more4.4.0-1022.225.13.0-1005.6Exploitability
AV:LAC:HPR:LUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H