We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-48654

netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()



AssignerLinux
Reserved2024-02-25
Published2024-04-28
Updated2024-11-04

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspace.

Product status

Default status
unaffected

22c7652cdaa8 before 721ea8ac063d
affected

22c7652cdaa8 before 5d75fef3e61e
affected

22c7652cdaa8 before 816eab147e5c
affected

22c7652cdaa8 before 633c81c04496
affected

22c7652cdaa8 before 559c36c5a8d7
affected

Default status
affected

5.2
affected

Any version before 5.2
unaffected

5.4.215
unaffected

5.10.146
unaffected

5.15.71
unaffected

5.19.12
unaffected

6.0
unaffected

References

https://git.kernel.org/stable/c/721ea8ac063d70c2078c4e762212705de6151764

https://git.kernel.org/stable/c/5d75fef3e61e797fab5c3fbba88caa74ab92ad47

https://git.kernel.org/stable/c/816eab147e5c6f6621922b8515ad9010ceb1735e

https://git.kernel.org/stable/c/633c81c0449663f57d4138326d036dc6cfad674e

https://git.kernel.org/stable/c/559c36c5a8d730c49ef805a72b213d3bba155cc8

cve.org CVE-2022-48654

nvd.nist.gov CVE-2022-48654

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.