CVE-2022-48654

MEDIUM

Linux Kernel 5.2.0-5.19.12 - Information Disclosure via Uninitialized Memory in nf_osf_find()

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspace.

References (5)

Core 5

Core References

Patch

https://git.kernel.org/stable/c/721ea8ac063d70c2078c4e762212705de6151764

Patch

https://git.kernel.org/stable/c/5d75fef3e61e797fab5c3fbba88caa74ab92ad47

Patch

https://git.kernel.org/stable/c/816eab147e5c6f6621922b8515ad9010ceb1735e

Patch

https://git.kernel.org/stable/c/633c81c0449663f57d4138326d036dc6cfad674e

Patch

https://git.kernel.org/stable/c/559c36c5a8d730c49ef805a72b213d3bba155cc8

Scores

CVSS v3 5.5

EPSS 0.0024

EPSS Percentile 14.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-908

Status published

Products (17)

linux/Kernel 5.11.0 - 5.15.71linux

linux/Kernel 5.16.0 - 5.19.12linux

linux/Kernel 5.2.0 - 5.4.215linux

linux/Kernel 5.5.0 - 5.10.146linux

Linux/Linux < 5.2

Linux/Linux 22c7652cdaa8cd33ce78bacceb4e826a3f795873 - 559c36c5a8d730c49ef805a72b213d3bba155cc8

Linux/Linux 22c7652cdaa8cd33ce78bacceb4e826a3f795873 - 5d75fef3e61e797fab5c3fbba88caa74ab92ad47

Linux/Linux 22c7652cdaa8cd33ce78bacceb4e826a3f795873 - 633c81c0449663f57d4138326d036dc6cfad674e

Linux/Linux 22c7652cdaa8cd33ce78bacceb4e826a3f795873 - 721ea8ac063d70c2078c4e762212705de6151764

Linux/Linux 22c7652cdaa8cd33ce78bacceb4e826a3f795873 - 816eab147e5c6f6621922b8515ad9010ceb1735e

... and 7 more

Published Apr 28, 2024

Tracked Since Feb 18, 2026