{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-52999/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-28T06:37:49.457Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-52999","@id":"https://www.cve.org/CVERecord?id=CVE-2026-52999","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_osf: fix out-of-bounds read on option matching\n\nIn nf_osf_match(), the nf_osf_hdr_ctx structure is initialized once\nand passed by reference to nf_osf_match_one() for each fingerprint\nchecked. During TCP option parsing, nf_osf_match_one() advances the\nshared ctx->optp pointer.\n\nIf a fingerprint perfectly matches, the function returns early without\nrestoring ctx->optp to its initial state. If the user has con"},"products":[{"@id":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:linux:linux:5.0:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:5.0:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 0, 0145548346c4a30981a870a8ca00eac46ba27e85, 1c136f2c44a5913646bac85303612fd0825197a0, 1e19a07291bb8682c14c39a64725a3ae54ab8ccc, 21883587593d7c8bb519a79460a0b5bc5ffbdabd, 32e50f92c7cf3f4eba29622179a5fcdc2aebab41, 4.20, 4.21, 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1, 70a3f31d25cf2ec9d4ddfa408120171ead955623, edb78a142d2e5948e63647c0646aa7e7886935f0, f5ca450087c3baf3651055e7a6de92600f827af3.","timestamp":"2026-06-28T06:37:49.457Z"}]}