--- x/net/bridge/netfilter/ebtables.c
+++ y/net/bridge/netfilter/ebtables.c
@@ -1212,6 +1212,9 @@ int ebt_register_table(struct net *net,
 
 	memcpy(p, repl->entries, repl->entries_size);
 	newinfo->entries = p;
+	ret = ebt_verify_pointers(repl, newinfo);
+	if (ret != 0)
+		goto free_chainstack;
 
 	newinfo->entries_size = repl->entries_size;
 	newinfo->nentries = repl->nentries;