Description: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
References:
Notes:
 carnil> Introduced in 857b46027d6f ("netfilter: nft_ct: add ct expectations support").
 carnil> Vulnerable versions: 5.3-rc1.
Bugs:
upstream: released (6.8-rc3) [8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4]
6.7-upstream-stable: released (6.7.4) [38cc1605338d99205a263707f4dde76408d3e0e8]
6.6-upstream-stable: released (6.6.16) [cfe3550ea5df292c9e2d608e8c4560032391847e]
6.1-upstream-stable: released (6.1.77) [0f501dae16b7099e69ee9b0d5c70b8f40fd30e98]
5.10-upstream-stable: released (5.10.210) [65ee90efc928410c6f73b3d2e0afdd762652c09d]
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.7.7-1)
6.1-bookworm-security: released (6.1.82-1)
5.10-bullseye-security: needed
4.19-buster-security: N/A "Vulnerable code not present"