nftables

A subtle pointer‑math mistake in the Linux kernel’s Netfilter nf_tables code — tracked as CVE‑2024‑0607 — lets a local actor corrupt internal data by writing eight bytes into a four‑byte slot inside nft_byteorder_eval(), producing memory corruption that leads to kernel instability and reliable...

A subtle misstep in nftables object handling created a classic kernel-level use‑after‑free that has since rippled through distributions and cloud images: an nft object or expression could point to a set in a different nft table, and when that table was removed the remaining dangling reference...

The short answer is: No — Azure Linux is not necessarily the only Microsoft product that could include the vulnerable nf_tables code, but it is the only Microsoft product Microsoft has publicly attested so far as carrying that upstream component. Microsoft’s advisory is a product-level inventory...

The Linux kernel received a targeted fix that addresses a subtle but disruptive netfilter edge case: CVE-2025-68206 adds a seqadj extension inside nftables’ conntrack helper path so NAT’ed FTP control connections (PASV/EPSV) are correctly sequence-adjusted when payload bytes are rewritten — a...

A recently disclosed Linux-kernel vulnerability in the netfilter nftables subsystem can cause a kernel crash when a rule references certain stateful objects from the OUTPUT hook; maintainers fixed the defect by adding proper validation for objref and objrefmap expressions so that referencing a...

On December 6, 2024, Microsoft engineers rolled out the latest update for Azure Linux, officially branded as Azure Linux 3.0.20241203. This version brings significant enhancements to Microsoft’s in-house Linux distribution, designed for Azure services and edge appliances. The update not only...