SB2026032649 - Out-of-bounds read in Linux kernel netfilter
Published: March 26, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-23397)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the nfnetlink_osf component when handling TCP option fingerprints. A remote attacker can send a specially crafted request to cause a denial of service.
Exploitation involves sending malicious TCP packets with zero-length options or MSS options with a length of less than 4, leading to a null pointer dereference and out-of-bounds reads during packet matching.
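The length rules named above, as an added example (not the kernel's nfnetlink_osf code and not the upstream fix): a C routine that walks a TCP option block and rejects zero-length options and undersized MSS options before any option value is read. The function and status names are this example's own, and it assumes the RFC 9293 rule that an MSS option is exactly 4 bytes long.

```c
#include <stddef.h>
#include <stdint.h>

/* TCP option kinds (RFC 9293). */
#define TCPOPT_EOL 0
#define TCPOPT_NOP 1
#define TCPOPT_MSS 2

/* Status codes; the names are this example's own, not kernel identifiers. */
enum opt_status { OPT_OK = 0, OPT_TRUNCATED, OPT_BAD_LEN, OPT_BAD_MSS };

/*
 * Walk a TCP option block and check every length before a value is read.
 * On success *mss holds the MSS value if an MSS option was present, else 0.
 */
enum opt_status validate_tcp_options(const uint8_t *opts, size_t len,
                                     uint16_t *mss)
{
    size_t i = 0;

    *mss = 0;
    while (i < len) {
        uint8_t kind = opts[i];

        if (kind == TCPOPT_EOL)
            break;                    /* end of option list */
        if (kind == TCPOPT_NOP) {
            i++;                      /* single-byte padding option */
            continue;
        }
        if (len - i < 2)
            return OPT_TRUNCATED;     /* no room for the length byte */

        uint8_t optlen = opts[i + 1];

        if (optlen < 2)
            return OPT_BAD_LEN;       /* must cover the kind and length bytes */
        if (optlen > len - i)
            return OPT_TRUNCATED;     /* option claims bytes past the buffer */
        if (kind == TCPOPT_MSS) {
            if (optlen != 4)
                return OPT_BAD_MSS;   /* kind + len + 2-byte value */
            *mss = (uint16_t)((opts[i + 2] << 8) | opts[i + 3]);
        }
        i += optlen;
    }
    return OPT_OK;
}
```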
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/224f4678812e1a7bc8341bcb666773a0aec5ea6f
- https://git.kernel.org/stable/c/3932620c04c2938c93c0890c225960d3d34ba355
- https://git.kernel.org/stable/c/4c6aa008b913e808c4f4d3cde36cb1d9bb5967c6
- https://git.kernel.org/stable/c/aa0574182c46963c3cdb8cde46ec93aca21100d8
- https://git.kernel.org/stable/c/dbdfaae9609629a9569362e3b8f33d0a20fd783c
- https://git.kernel.org/stable/c/ec8bf0571b142f29dc0b68ae2ac3952f7a464b38