In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttproxy: restrict to prerouting hook TPROXY is only allowed from prerouting, but nfttproxy doesn't check this. This fixes a crash (null dereference) when using tproxy from e.g. output.