Wander Lairson Costa <wander@xxxxxxxxxx> wrote:
> The opt_num field is controlled by user mode and is not currently
> validated inside the kernel. An attacker can take advantage of this to
> trigger an OOB read and potentially leak information.

[..]

Can you send a v2 that rejects bogus nf_osf_user_finger structs?
nfnl_osf_add_callback() seems to be the right place to refuse it.
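
The kind of check discussed above, as an added example that is not part of the original message or of the kernel's code: a simplified userspace model in C that refuses a fingerprint at the point it is added, before any consumer walks the option table. The struct layout, the 40-entry bound and every `model_*` name are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_MAX_OPTS 40 /* assumed capacity of the opt[] table */

/* Simplified stand-ins for the user-supplied fingerprint (assumed layout). */
struct model_opt { uint16_t kind, length; };
struct model_finger {
    uint16_t opt_num;                     /* user-controlled option count */
    struct model_opt opt[MODEL_MAX_OPTS]; /* fixed-size option table */
};

/* Add-time check: refuse blobs of the wrong size or with a bogus count. */
int model_finger_validate(const void *blob, size_t len)
{
    struct model_finger f;

    if (len != sizeof(f))
        return -EINVAL;
    memcpy(&f, blob, sizeof(f)); /* copy first: blob may be unaligned */
    return f.opt_num > MODEL_MAX_OPTS ? -EINVAL : 0;
}

/* Consumer: walks opt[0..opt_num), which is in bounds only after the check. */
int model_finger_total_len(const void *blob, size_t len)
{
    struct model_finger f;
    int total = 0, err = model_finger_validate(blob, len);

    if (err)
        return err;
    memcpy(&f, blob, sizeof(f));
    for (uint16_t i = 0; i < f.opt_num; i++)
        total += f.opt[i].length;
    return total;
}

/* Constructed sample: a fingerprint claiming n options, each of length 1. */
int model_demo(uint16_t n)
{
    struct model_finger f = { .opt_num = n };
    for (int i = 0; i < MODEL_MAX_OPTS; i++)
        f.opt[i].length = 1;
    return model_finger_total_len(&f, sizeof(f));
}

int main(void) { printf("%d %d\n", model_demo(3), model_demo(41)); return 0; }
```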