50 matches found
CVE-2026-53219
A flaw was found in the Linux kernel's netfilter xtables component. This vulnerability allows for information disclosure due to improper handling of percpu counter pointers during the copying of rule entry headers to userspace. A local attacker could exploit this by causing a fault in a userspace...
EUVD-2026-39310
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid leaking percpu counter pointers The native and compat get-entries paths copy the fixed rule entry header from the kernelized rule blob to userspace before overwriting the entry's counter fields with a...
Astra Linux - уязвимость в linux
A issue was discovered in the Linux kernel before version 5.11.11. The netfilter subsystem allows attackers to cause a denial of service panic because net/netfilter/xtables.c and include/linux/netfilter/xtables.h lack a proper memory barrier when assigning a new table value, known as...
CVE-2026-43452
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i += opi + 1 ? : 1 can read opi + 1 past the end of the option area. Add...
CVE-2026-43452
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i += opi + 1 ? : 1 can read opi + 1 past the end of the option area. Add...
CVE-2026-43452 netfilter: x_tables: guard option walkers against 1-byte tail reads
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i += opi + 1 ? : 1 can read opi + 1 past the end of the option area. Add...
CVE-2026-43452
CVE-2026-43452 affects the Linux kernel netfilter x_tables option walkers (xt_tcpudp and xt_dccp). The vulnerability arises when processing packet options: walkers that increment with i += op[i + 1] ? : 1 can read op[i + 1] past the end of the option area, enabling an out-of-bounds read. Multiple...
CVE-2026-43452
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i += opi + 1 ? : 1 can read opi + 1 past the end of the option area. Add...
PT-2026-39113
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the netfilter x tables component allows for 1-byte tail reads. This occurs when the last byte of options is a non-single-byte option kind, causing walkers that advance using i ...
SUSE CVE-2026-43028
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: ensure names are nul-terminated Reject names that lack a \0 character before feeding them to functions that expect c-strings. Fixes tag is the most recent commit that needs this change...
CVE-2026-43028
A flaw was found in the Linux kernel's netfilter xtables component. This vulnerability arises from the system's failure to ensure that certain names are properly ended with a null character before being used by functions designed for standard text strings. This oversight could lead to incorrect...
CVE-2026-43028
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: ensure names are nul-terminated Reject names that lack a \0 character before feeding them to functions that expect c-strings. Fixes tag is the most recent commit that needs this change...
CVE-2026-43028
The CVE-2026-43028 vulnerability affects the Linux kernel netfilter x_tables component. The root cause is that certain names were not guaranteed to be nul-terminated before being passed to functions that expect C strings, which could lead to misprocessing, system instability, or hazardous behavio...
CVE-2026-43028 netfilter: x_tables: ensure names are nul-terminated
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: ensure names are nul-terminated Reject names that lack a \0 character before feeding them to functions that expect c-strings. Fixes tag is the most recent commit that needs this change...
CVE-2026-43028
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: ensure names are nul-terminated Reject names that lack a \0 character before feeding them to functions that expect c-strings. Fixes tag is the most recent commit that needs this change...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to ensure that names end with a null character in netfilter xtables, which could lead to undefined...
netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP
...
CVE-2026-31424
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict xtcheckmatch/xtchecktarget extensions for NFPROTOARP Weiming Shi says: xtmatch and xttarget structs registered with NFPROTOUNSPEC can be loaded by any protocol family through nftcompat. When such a...
UBUNTU-CVE-2026-31424
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict xtcheckmatch/xtchecktarget extensions for NFPROTOARP Weiming Shi says: xtmatch and xttarget structs registered with NFPROTOUNSPEC can be loaded by any protocol family through nftcompat. When such a...
CVE-2026-31424
In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: restrict xtcheckmatch/xtchecktarget extensions for NFPROTOARP Weiming Shi says: xtmatch and xttarget structs registered with NFPROTOUNSPEC can be loaded by any protocol family through nftcompat. When such a...