CVE-2022-48654

Source
https://cve.org/CVERecord?id=CVE-2022-48654
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48654.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48654
Downstream
Related
Published
2024-04-28T13:00:56.564Z
Modified
2026-07-15T01:49:09.919543904Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlinkosf: fix possible bogus match in nfosf_find()

nfosffind() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspace.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48654.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
22c7652cdaa8cd33ce78bacceb4e826a3f795873
Fixed
721ea8ac063d70c2078c4e762212705de6151764
Fixed
5d75fef3e61e797fab5c3fbba88caa74ab92ad47
Fixed
816eab147e5c6f6621922b8515ad9010ceb1735e
Fixed
633c81c0449663f57d4138326d036dc6cfad674e
Fixed
559c36c5a8d730c49ef805a72b213d3bba155cc8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48654.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
5.4.215
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.146
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.71
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.19.12

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48654.json"