Impact
The kernel bug in nfnetlink_osf stems from a shared context pointer that is not When NF_OSF_LOGLEVEL_ALL is enabled, the parsing pointer can advance beyond the end of the TCP option buffer, causing an out‑of‑bounds read. This results in incorrect or missing log entries rather than a kernel crash. The flaw is formally identified as an out‑of‑bounds read (CWE‑125).
Affected Systems
All Linux kernel distributions that include the nfnetlink_osf component are potentially vulnerable. The generic CPE string indicates no specific version constraints; any kernel build containing nfnetlink_osf could exhibit the issue.
Risk and Exploitability
The severity of the issue is high (CVSS 9.1) and the EPSS score is below 1 %, indicating a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. While the description mentions that the bug occurs when NF_OSF_LOGLEVEL_ALL is enabled, the exact privilege requirements for toggling this setting are not specified in the available data. time of this analysis.
OpenCVE Enrichment
Debian DLA