nfqnl_mangle in net/netfilter/nfnetlink_queue.c allows remote attackers to cause a denial of service in the case of a nf_queue verdict with a one-byte nfta_payload attribute skb_pull can encounter a negative skb->len