Description: netfilter: nf_tables_offload: incorrect flow offload action array size
References:
 https://www.openwall.com/lists/oss-security/2022/02/21/2
 https://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf.git/commit/?id=b1a5983f56e371046dcf164f90bfaf704d2b89f6
 https://github.com/Bonfee/CVE-2022-25636
 https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
Notes:
 carnil> Introduced in be2861dc36d7 ("netfilter: nft_{fwd,dup}_netdev:
 carnil> add offload support") in 5.4-rc1.
Bugs:
upstream: released (5.17-rc6) [b1a5983f56e371046dcf164f90bfaf704d2b89f6]
5.10-upstream-stable: released (5.10.103) [68f19845f580a1d3ac1ef40e95b0250804e046bb]
4.19-upstream-stable: N/A "Vulnerable code not present"
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.16.11-1) [bugfix/all/netfilter-nf_tables_offload-incorrect-flow-offload-a.patch]
5.10-bullseye-security: released (5.10.103-1)
4.19-buster-security: N/A "Vulnerable code not present"
4.9-stretch-security: N/A "Vulnerable code not present"