Back to bug 2182888

Who When What Removed Added
Pedro Sampaio 2023-03-29 21:19:28 UTC Blocks 2182889
Ravindra Patil 2023-04-07 05:19:53 UTC CC ravpatil
Rohit Keshri 2023-06-06 18:36:41 UTC Fixed In Version Kenrel 6.0-rc7
Mauro Matteo Cascella 2023-06-06 18:44:35 UTC Fixed In Version Kenrel 6.0-rc7 kernel 6.0-rc7
Mauro Matteo Cascella 2023-06-06 18:52:06 UTC Alias ZDI-CAN-18540, ZDI-22-1457
Summary CVE-2022-42432 kernel: Uninitialized memory area in nft_osf CVE-2022-42432 kernel: netfilter: nftables uninitialized variable information disclosure vulnerability
Mauro Matteo Cascella 2023-06-06 18:55:30 UTC Doc Text A flaw was found in the netfilter subsystem of the Linux kernel. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. This vulnerability could allow a local privileged user to leak stale kernel stack data to userspace.
Paige Jung 2023-06-06 19:29:13 UTC Doc Text A flaw was found in the netfilter subsystem of the Linux kernel. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. This vulnerability could allow a local privileged user to leak stale kernel stack data to userspace. A flaw was found in the nft_osf_eval function in the netfilter subsystem of the Linux kernel. This issue results from the lack of proper initialization of memory prior to accessing it, and could allow a local privileged user to leak stale kernel stack data to userspace.
Mauro Matteo Cascella 2023-06-06 19:29:58 UTC Summary CVE-2022-42432 kernel: netfilter: nftables uninitialized variable information disclosure vulnerability CVE-2022-42432 kernel: netfilter: nfnetlink_osf: uninitialized variable information disclosure vulnerability
Mauro Matteo Cascella 2023-06-08 08:19:37 UTC Depends On 2213465, 2213466
Mauro Matteo Cascella 2023-06-08 08:20:47 UTC Depends On 2121393
Mauro Matteo Cascella 2023-06-08 08:22:43 UTC Depends On 2061574
Red Hat Bugzilla 2023-07-07 08:33:59 UTC Assignee security-response-team nobody

Back to bug 2182888