QwikSec

Security Database

CVE

CWE

Training

CVE-2022-36946

Published: Jul 27, 2022

Modified: May 5, 2025

PUBLISHED

Description

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://marc.info/?l=netfilter-devel&m=165883202007292&w=2

vendor-advisory

https://security.netapp.com/advisory/ntap-20220901-0007/

[debian-lts-announce] 20220911 [SECURITY] [DLA 3102-1] linux-5.10 new package

mailing-list

[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update

mailing-list

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.