nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 2.6.14 (including) | 4.9.326 (excluding) |
Linux_kernel | Linux | 4.10 (including) | 4.14.291 (excluding) |
Linux_kernel | Linux | 4.15 (including) | 4.19.255 (excluding) |
Linux_kernel | Linux | 4.20 (including) | 5.4.209 (excluding) |
Linux_kernel | Linux | 5.5 (including) | 5.10.135 (excluding) |
Linux_kernel | Linux | 5.11 (including) | 5.15.59 (excluding) |
Linux_kernel | Linux | 5.16 (including) | 5.18.16 (excluding) |