Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2022-48654

HistoryApr 28, 2024 - 1:15 p.m.

CVE-2022-48654

2024-04-2813:15:07

CWE-908

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux

kernel

netfilter

vulnerability

fix

nfnetlink_osf

nf_osf_find

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()

nf_osf_find() incorrectly returns true on mismatch, this leads to
copying uninitialized memory area in nft_osf which can be used to leak
stale kernel stack data to userspace.

Affected configurations

Nvd

Node

linuxlinux_kernelRange5.2.0–5.4.215

linuxlinux_kernelRange5.5.0–5.10.146

linuxlinux_kernelRange5.11.0–5.15.71

linuxlinux_kernelRange5.16.0–5.19.12

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

git.kernel.org/stable/c/559c36c5a8d730c49ef805a72b213d3bba155cc8

git.kernel.org/stable/c/5d75fef3e61e797fab5c3fbba88caa74ab92ad47

git.kernel.org/stable/c/633c81c0449663f57d4138326d036dc6cfad674e

git.kernel.org/stable/c/721ea8ac063d70c2078c4e762212705de6151764

git.kernel.org/stable/c/816eab147e5c6f6621922b8515ad9010ceb1735e

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for NVD:CVE-2022-48654