CVE-2022-48654

Published: Apr 28, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspace.

Vendor	Product	Versions
Linux	Linux	affected `22c7652cdaa8cd33ce78bacceb4e826a3f795873 - < 721ea8ac063d70c2078c4e762212705de6151764` affected `22c7652cdaa8cd33ce78bacceb4e826a3f795873 - < 5d75fef3e61e797fab5c3fbba88caa74ab92ad47` affected `22c7652cdaa8cd33ce78bacceb4e826a3f795873 - < 816eab147e5c6f6621922b8515ad9010ceb1735e` affected `22c7652cdaa8cd33ce78bacceb4e826a3f795873 - < 633c81c0449663f57d4138326d036dc6cfad674e` affected `22c7652cdaa8cd33ce78bacceb4e826a3f795873 - < 559c36c5a8d730c49ef805a72b213d3bba155cc8`
Linux	Linux	affected `5.2` unaffected `0 - < 5.2` unaffected `5.4.215 - <= 5.4.` unaffected `5.10.146 - <= 5.10.` unaffected `5.15.71 - <= 5.15.*` +2 more versions

References

https://git.kernel.org/stable/c/721ea8ac063d70c2078c4e762212705de6151764

https://git.kernel.org/stable/c/5d75fef3e61e797fab5c3fbba88caa74ab92ad47

https://git.kernel.org/stable/c/816eab147e5c6f6621922b8515ad9010ceb1735e

https://git.kernel.org/stable/c/633c81c0449663f57d4138326d036dc6cfad674e

https://git.kernel.org/stable/c/559c36c5a8d730c49ef805a72b213d3bba155cc8

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-48654

Description

Affected Products

References