Ubuntu Security Notice 6576-1 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle an expired catchall element in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
b0ba67caed49782e02acb79bc82218723de010303bc990330e8f7b8c0eddeaaf