CVE-2026-52998
CVE-2026-52998 affects the Linux kernel’s netfilter nfnetlink_osf module. The nf_osf_ttl() function can dereference a device pointer (skb->dev) without validating the device, risking a NULL dereference. The patch removes the device dereference and the in_dev_for_each_ifa_rcu loop used to match...