17 matches found
CVE-2026-45841
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix divide-by-zero in OSFWSSMODULO nfosfmatchone computes ctx-window % f-wss.val in the OSFWSSMODULO branch with no guard for f-wss.val == 0. A CAPNETADMIN user can add such a fingerprint via nfnetlink; a...
CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints
In the Linux kernel, the following vulnerability has been resolved: nfnetlinkosf: validate individual option lengths in fingerprints nfnlosfaddcallback validates optnum bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nfosfmatchone ...
CVE-2022-48654
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix possible bogus match in nfosffind nfosffind incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nftosf which can be used to leak stale kernel stack data to userspa...
CVE-2022-48654
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix possible bogus match in nfosffind nfosffind incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nftosf which can be used to leak stale kernel stack data to userspa...
CVE-2022-48654
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix possible bogus match in nfosffind nfosffind incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nftosf which can be used to leak stale kernel stack data to userspa...
CVE-2022-48654
The CVE-2022-48654 entry concerns a Linux kernel netfilter issue: nfnetlink_osf (nf_osf_find) could incorrectly return true on a mismatch, causing copying of uninitialized memory in nft_osf and leaking stale kernel stack data to userspace. Connected Astra Linux advisory mirrors this vulnerability...
CVE-2022-48654
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix possible bogus match in nfosffind nfosffind incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nftosf which can be used to leak stale kernel stack data to userspa...
CVE-2022-48654 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix possible bogus match in nfosffind nfosffind incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nftosf which can be used to leak stale kernel stack data to userspa...
CVE-2022-48654 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix possible bogus match in nfosffind nfosffind incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nftosf which can be used to leak stale kernel stack data to userspa...
CVE-2022-48654 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix possible bogus match in nfosffind nfosffind incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nftosf which can be used to leak stale kernel stack data to userspa...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.323.8.2.el8 - netfilter: nfnetlinkosf: avoid OOB read Wander Lairson Costa Orabug: 35824307 - netfilter: xtsctp: validate the flaginfo count Wander Lairson Costa Orabug: 35824307 - netfilter: xtu32: validate user space input Wander Lairson Costa Orabug: 35824307 - netfilter: ipset: ad...
Unbreakable Enterprise kernel-container security update
5.4.17-2136.324.5.3.el7 - Revert 'jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint' Sherry Yang Orabug: 35896102 5.4.17-2136.324.5.2.el7 - fix breakage in dormdir Al Viro Orabug: 35885837 5.4.17-2136.324.5.1.el7 - x86: KVM: SVM: always update the x2avic msr interception...
GSD-2022-1006602 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
netfilter: nfnetlinkosf: fix possible bogus match in nfosffind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.215 by commit...
GSD-2022-1006591 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
netfilter: nfnetlinkosf: fix possible bogus match in nfosffind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.146 by commit...
GSD-2022-1006567 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
netfilter: nfnetlinkosf: fix possible bogus match in nfosffind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.71 by commit...
GSD-2022-1006530 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
netfilter: nfnetlinkosf: fix possible bogus match in nfosffind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.12 by commit...
GSD-2022-1006484 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
netfilter: nfnetlinkosf: fix possible bogus match in nfosffind This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0 by commit...