29 matches found
CVE-2026-52999
A flaw was found in the Linux kernel's netfilter subsystem, specifically in the nfnetlinkosf module. When the NFOSFLOGLEVELALL option is configured, an out-of-bounds read vulnerability can occur during TCP option parsing. This issue can lead to incorrect data processing and logging failures,...
CVE-2026-52999
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix out-of-bounds read on option matching In nfosfmatch, the nfosfhdrctx structure is initialized once and passed by reference to nfosfmatchone for each fingerprint checked. During TCP option parsing,...
CVE-2026-52999
CVE-2026-52999 pertains to the Linux kernel netfilter nfnetlink_osf, where an out-of-bounds read can occur during TCP option parsing when NF_OSF_LOGLEVEL_ALL is enabled. The root cause is a shared ctx->optp pointer that isn’t restored after nf_osf_match_one() returns, allowing subsequent finge...
CVE-2026-52998
CVE-2026-52998 affects the Linux kernel’s netfilter nfnetlink_osf module. The nf_osf_ttl() function can dereference a device pointer (skb->dev) without validating the device, risking a NULL dereference. The patch removes the device dereference and the in_dev_for_each_ifa_rcu loop used to match...
PT-2026-51892
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL dereference exists in the nf osf ttl function within the netfilter nfnetlink osf module. The function accessed skb-dev to perform a local interface address lookup withou...
PT-2026-51893
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the netfilter module. In the nf osf match function, the nf osf hdr ctx structure is passed by reference to nf osf match one for fingerprint checks. During...
SUSE CVE-2026-45841
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...
UBUNTU-CVE-2026-45841
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...
CVE-2026-45841 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...
EUVD-2026-32167
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...
CVE-2026-45841
CVE-2026-45841 affects the Linux kernel netfilter nfnetlink_osf in the OSF_WSS_MODULO path. The root cause is a divide-by-zero in nf_osf_match_one() when ctx->window is taken modulo f->wss.val with no guard for f->wss.val == 0. A CAP_NET_ADMIN user can add such a fingerprint via nfnetlin...
CVE-2026-45841
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...
PT-2026-43675
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A divide-by-zero error exists in the netfilter component within the nf osf match one function. The issue occurs in the OSF WSS MODULO branch when calculating ctx-window % f-wss.val witho...
Linux Distros Unpatched Vulnerability : CVE-2026-45841
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val...
CVE-2026-45841
netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO...
CLSA-2026-1778276927 kernel: Fix of 33 CVEs
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present - xfrm: esp: avoid in-place decrypt on shared skb frags - ext4: avoid OOB when system.data xattr changes underneath the filesystem CVE-2024-47701 - gpiolib: cdev: fix uninitialised kfifo CVE-2024-36898 - wifi: mt76: Fix...
CVE-2026-23397
A flaw was found in the nfnetlinkosf module of the Linux kernel. A remote attacker could send specially crafted network packets containing malformed options, such as zero-length options or a Maximum Segment Size MSS option with an invalid length. This could lead to a system crash, resulting in a...
SUSE CVE-2026-23397
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
EUVD-2026-16157
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
DEBIAN-CVE-2026-23397
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...