CVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooks

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use listdelrcu for netlink hooks nftnetdevunregisterhooks and nftunregisterflowtablenethooks need to use listdelrcu, this list can be walked by concurrent dumpers. Add a new helper and use it consistently...

CVE-2026-46324

The CVE-2026-46324 entry relates to the Linux kernel netfilter nf_tables. The vulnerability was addressed by making nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks use list_del_rcu(), preventing concurrent dumpers from traversing the affected list. A new helper was added and ...

EUVD-2026-35414

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use listdelrcu for netlink hooks nftnetdevunregisterhooks and nftunregisterflowtablenethooks need to use listdelrcu, this list can be walked by concurrent dumpers. Add a new helper and use it consistently...

PT-2026-47761

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf tables: use list del rcu for netlink hooks nft netdev unregister hooks and nft unregister flowtable net hooks need to use list del rcu, this list can be walked by concurrent dumpers. Add a new helper and use it...

EUVD-2025-28948

Malicious code in bioql PyPI...

netfilter: ctnetlink: remove refcounting in expectation dumpers

...

AZL-70828 CVE-2025-39764 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump...

CVE-2025-39764

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump...

DEBIAN-CVE-2025-39764

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump...

AZL-67160 CVE-2025-39764 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump...

CVE-2025-39764 netfilter: ctnetlink: remove refcounting in expectation dumpers

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump...

CVE-2025-39764 netfilter: ctnetlink: remove refcounting in expectation dumpers

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: remove refcounting in expectation dumpers Same pattern as previous patch: do not keep the expectation object alive via refcount, only store a cookie value and then use that as the skip hint for dump...

PT-2025-37222

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The netfilter component in the Linux kernel contains an issue in the ctnetlink module related to expectation dumpers. A flaw exists where the refcount of an expectation object may be...