The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAPNETRAW or CAPNETADMIN capability, related to arptdotable in net/ipv4/netfilter/arptables.c, iptdotable in net/ipv4/netfilter/iptables.c, and ip6tdotable in net/ipv6/netfilter/ip6_tables.c.