5.5

CVE-2026-53218

netfilter: nft_exthdr: fix register tracking for F_PRESENT flag

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_exthdr: fix register tracking for F_PRESENT flag

nft_exthdr_init() passes user-controlled priv->len to
nft_parse_register_store(), which marks that many bytes in the
register bitmap as initialized.  However, when NFT_EXTHDR_F_PRESENT
is set, the eval paths write only 1 byte (nft_reg_store8) or
4 bytes (*dest = 0 on TCP/DCCP error path).  When len > 4,
registers beyond the first are never written, retaining
uninitialized stack data from nft_regs.

Bail out if userspace requests too much data when F_PRESENT is set.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.11 < 5.10.259
LinuxLinux Kernel Version >= 5.11 < 5.15.210
LinuxLinux Kernel Version >= 5.16 < 6.1.176
LinuxLinux Kernel Version >= 6.2 < 6.6.143
LinuxLinux Kernel Version >= 6.7 < 6.12.94
LinuxLinux Kernel Version >= 6.13 < 6.18.36
LinuxLinux Kernel Version >= 6.19 < 7.0.13
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
LinuxLinux Kernel Version7.1 Updaterc3
LinuxLinux Kernel Version7.1 Updaterc4
LinuxLinux Kernel Version7.1 Updaterc5
LinuxLinux Kernel Version7.1 Updaterc6
LinuxLinux Kernel Version7.1 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.028
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/8738b1b6d0e639ca1fc0f61516afd3557ac4ecc6
Patch
https://git.kernel.org/stable/c/19748967d59c31d24d21d40b728570788310b237
Patch
https://git.kernel.org/stable/c/46fc15a044e9938e7ea77786fb37edd2cd74f031
Patch
https://git.kernel.org/stable/c/cd513e43b4b2bd1de39e2367bc4261c699a8652f
Patch
https://git.kernel.org/stable/c/67b27434c43b68a97becda98c9f0c8cf6cba2134
Patch
https://git.kernel.org/stable/c/78069a6d8bc86c9e036eb82c2af4a19cc1871a53
Patch
https://git.kernel.org/stable/c/f08fb3d42fd3aad0b7a263da3ac3ebaf0845e265
Patch
https://git.kernel.org/stable/c/772cecf198da732faebb5dcfc46d66a505be8495
Patch