14 matches found
EUVD-2026-38856
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...
CVE-2026-52988 netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...
CVE-2026-52988
The CVE-2026-52988 issue affects the Linux kernel netfilter nf_tables code, specifically the join hook list updated via splice_list_rcu() during commit phases. The vulnerability arises when new hooks are published to the basechain/flowtable while a concurrent ruleset update is ongoing, potentiall...
UBUNTU-CVE-2026-23351
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very long time in a non-preemptible...
CVE-2023-52924 netfilter: nf_tables: don't skip expired elements during walk
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map "1.2.3.4 : jump foo" 2. timeouts are enabl...
kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion
This CVE involves a flaw in the Linux kernel's nftables component, part of the Netfilter framework used for packet filtering and firewall functionalities. The vulnerability arises when a table's dormant flag is updated while there's a pending deletion of a base chain. In such cases, the...
kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion
This CVE involves a flaw in the Linux kernel's nftables component, part of the Netfilter framework used for packet filtering and firewall functionalities. The vulnerability arises when a table's dormant flag is updated while there's a pending deletion of a base chain. In such cases, the...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a vulnerability due to incomplete USB endpoint checking that could result in the wrong endpoint type being use...
kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion
This CVE involves a flaw in the Linux kernel's nftables component, part of the Netfilter framework used for packet filtering and firewall functionalities. The vulnerability arises when a table's dormant flag is updated while there's a pending deletion of a base chain. In such cases, the...
kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion
This CVE involves a flaw in the Linux kernel's nftables component, part of the Netfilter framework used for packet filtering and firewall functionalities. The vulnerability arises when a table's dormant flag is updated while there's a pending deletion of a base chain. In such cases, the...
SUSE CVE-2024-35897
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combine...
DEBIAN-CVE-2024-35897
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combine...
UBUNTU-CVE-2024-35897
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combine...
UBUNTU-CVE-2024-35900
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: reject new basechain after table flag update When dormant flag is toggled, hooks are disabled in the commit phase by iterating over current chains in table existing and new. The following configuration allows...