Vulnerability in Linux Kernel Related to Option Length Validation

CVE-2026-23397

What is CVE-2026-23397?

A vulnerability in the Linux kernel's nfnetlink_osf module arises from improper validation of individual option lengths in fingerprints. The function nfnl_osf_add_callback() fails to adequately check option lengths, leading to scenarios where zero-length options permit function nf_osf_match_one() to incorrectly enter its matching loop. This behavior results in possible general protection faults if the context's option pointer (ctx->optp) is NULL. Furthermore, an incorrect check for Maximum Segment Size (MSS) options can lead to out-of-bounds reads, as the function assumes an MSS option length of exactly 4 bytes. To mitigate these risks, it is essential to reject packets with zero-length options or incorrectly sized MSS options at the time of addition, prior to reaching critical packet matching paths.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References