CVE-2026-45841

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A divide-by-zero error exists in the netfilter component within the nf osf match one() function. The issue occurs in the OSF WSS MODULO branch when calculating ctx->window % f->wss.val without verifying if f->wss.val is zero. A user with CAP NET ADMIN privileges can add a malicious fingerprint via nfnetlink, which causes a kernel panic when a matching TCP SYN packet is processed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.