A Linux kernel flaw was found in net/netfilter/nfnetlink_queue.c. If a local user creates a netfilter rule that truncates the packet below the header size, the skb_pull() will result in a malformed skb (skb->len < 0). As a result, denial of service could happen after an incorrect check in the nfqnl_mangle function.

Fixes: 7af4cc3fa158 ("[NETFILTER]: Add "nfnetlink_queue" netfilter queue handler over nfnetlink")

Reference: https://lore.kernel.org/all/20220726104206.2036-1-fw@strlen.de/t/
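Added example (not part of the original report and not kernel source): a user-space C model of the length check the description above says is missing, next to a variant that refuses truncation below the header size. The struct, the function names and the 60/20/8-byte sample values are constructed for illustration, and the model uses a signed length so the negative remainder is visible.

```c
#include <stdio.h>

/* Simplified user-space model of a queued packet; not kernel code. */
struct pkt_model {
    long len;      /* bytes currently in the packet */
    long hdr_len;  /* bytes of headers that are pulled later */
};

enum { MANGLE_OK = 0, MANGLE_EINVAL = -22 };

/* Missing-check variant: any shorter replacement length is accepted. */
static int mangle_unchecked(struct pkt_model *p, long data_len)
{
    if (data_len < p->len)
        p->len = data_len;          /* truncate */
    return MANGLE_OK;
}

/* Hardened variant: refuse to truncate below the header size. */
static int mangle_checked(struct pkt_model *p, long data_len)
{
    if (data_len < p->hdr_len)
        return MANGLE_EINVAL;       /* packet left untouched */
    if (data_len < p->len)
        p->len = data_len;
    return MANGLE_OK;
}

/* Models the later header pull: length left once headers are stripped. */
static long len_after_header_pull(const struct pkt_model *p)
{
    return p->len - p->hdr_len;
}

int main(void)
{
    /* Constructed sample: 60-byte packet, 20 bytes of headers. */
    struct pkt_model a = { 60, 20 }, b = { 60, 20 };

    mangle_unchecked(&a, 8);
    printf("unchecked: len after pull = %ld\n", len_after_header_pull(&a));
    printf("checked:   rc = %d, len = %ld\n", mangle_checked(&b, 8), b.len);
    return 0;
}
```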
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2116157]
This was fixed for Fedora with the 5.18.16 stable kernel update.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2022:7444: https://access.redhat.com/errata/RHSA-2022:7444
This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2022:7683: https://access.redhat.com/errata/RHSA-2022:7683
This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2022:7933: https://access.redhat.com/errata/RHSA-2022:7933
This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2022:8267: https://access.redhat.com/errata/RHSA-2022:8267
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-36946
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support. Via RHSA-2024:0724: https://access.redhat.com/errata/RHSA-2024:0724