In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
nf_osf_match_one() computes ctx->window % f->wss.val in the
OSF_WSS_MODULO branch with no guard for f->wss.val == 0. A
CAP_NET_ADMIN user can add such a fingerprint via nfnetlink; a
subsequent matching TCP SYN divides by zero and panics the kernel.
Reject the bogus fingerprint in nfnl_osf_add_callback() above the
per-option for-loop. f->wss is per-fingerprint, not per-option, so
the check must run regardless of f->opt_num (including 0). Also
reject wss.wc >= OSF_WSS_MAX; nf_osf_match_one() already treats that
as "should not happen".
Crash:
Oops: divide error: 0000 [#1] SMP KASAN NOPTI
RIP: 0010:nf_osf_match_one (net/netfilter/nfnetlink_osf.c:98)
Call Trace:
<IRQ>
nf_osf_match (net/netfilter/nfnetlink_osf.c:220)
xt_osf_match_packet (net/netfilter/xt_osf.c:32)
ipt_do_table (net/ipv4/netfilter/ip_tables.c:348)
nf_hook_slow (net/netfilter/core.c:622)
ip_local_deliver (net/ipv4/ip_input.c:265)
ip_rcv (include/linux/skbuff.h:1162)
__netif_receive_skb_one_core (net/core/dev.c:6181)
process_backlog (net/core/dev.c:6642)
__napi_poll (net/core/dev.c:7710)
net_rx_action (net/core/dev.c:7945)
handle_softirqs (kernel/softirq.c:622)
References
Configurations
Configuration 1 (hide)
|
History
26 Jun 2026, 18:52
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-369 | |
| References | () https://git.kernel.org/stable/c/0694618cf3e9b120666e31f5f383a6e466d95a0d - Patch | |
| References | () https://git.kernel.org/stable/c/2195574dc6d9017d32ac346987e12659f931d932 - Patch | |
| References | () https://git.kernel.org/stable/c/26900306a5a2c3e4f75c643a064525526bb6e5f3 - Patch | |
| References | () https://git.kernel.org/stable/c/8def8fbd23f40e945febe913d04b731012ce0082 - Patch | |
| References | () https://git.kernel.org/stable/c/9a05e195618a6d474f2bcd5b6376d0ffc2f00366 - Patch | |
| References | () https://git.kernel.org/stable/c/c55940895245d8ef658ab381248a28755218d625 - Patch | |
| References | () https://git.kernel.org/stable/c/cb833bbc1b3c51e08652d3c86298307c07d3f2db - Patch | |
| References | () https://git.kernel.org/stable/c/fb965b1cfe92b28d28b5ebe3116b81dbef9f2d2f - Patch | |
| CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| First Time |
Linux linux Kernel
Linux |
01 Jun 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
27 May 2026, 11:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-27 11:16
Updated : 2026-06-26 18:52
NVD link : CVE-2026-45841
Mitre link : CVE-2026-45841
CVE.ORG link : CVE-2026-45841
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-369
Divide By Zero
