Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspace.

INFO

Published Date :

2024-04-28T13:00:56.564Z

Last Modified :

2025-05-04T08:20:39.054Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-48654 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-48654.

URL Resource
https://git.kernel.org/stable/c/559c36c5a8d730c49ef805a72b213d3bba155cc8 cve-icon cve-icon
https://git.kernel.org/stable/c/5d75fef3e61e797fab5c3fbba88caa74ab92ad47 cve-icon cve-icon
https://git.kernel.org/stable/c/633c81c0449663f57d4138326d036dc6cfad674e cve-icon cve-icon
https://git.kernel.org/stable/c/721ea8ac063d70c2078c4e762212705de6151764 cve-icon cve-icon
https://git.kernel.org/stable/c/816eab147e5c6f6621922b8515ad9010ceb1735e cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024042859-CVE-2022-48654-e107@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-48654 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-48654 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact