Wander Lairson Costa <[email protected]> wrote:
> The opt_num field is controlled by user mode and is not currently
> validated inside the kernel. An attacker can take advantage of this to
> trigger an OOB read and potentially leak information.
[..]
Can you send a v2 that rejects bogus nf_osf_user_finger structs?
nfnl_osf_add_callback() seems to be the right place to refuse it.