343 matches found
netfilter: ipset: stop hash:* range iteration at end
...
CVE-2026-53131
In the Linux kernel, the following vulnerability has been resolved: netfilter: require Ethernet MAC header before using ethhdr ip6teui64, xtmac, the bitmap:ip,mac, hash:ip,mac, and hash:mac ipset types, and nflogsyslog access ethhdrskb after either assuming that the skb is associated with an...
UBUNTU-CVE-2026-53131
In the Linux kernel, the following vulnerability has been resolved: netfilter: require Ethernet MAC header before using ethhdr ip6teui64, xtmac, the bitmap:ip,mac, hash:ip,mac, and hash:mac ipset types, and nflogsyslog access ethhdrskb after either assuming that the skb is associated with an...
CVE-2026-53131 netfilter: require Ethernet MAC header before using eth_hdr()
In the Linux kernel, the following vulnerability has been resolved: netfilter: require Ethernet MAC header before using ethhdr ip6teui64, xtmac, the bitmap:ip,mac, hash:ip,mac, and hash:mac ipset types, and nflogsyslog access ethhdrskb after either assuming that the skb is associated with an...
PT-2026-52227
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the netfilter component, several modules access the eth hdrskb function without properly verifying that the socket buffer skb is associated with an Ethernet device or that a valid MAC...
CVE-2026-52921
A flaw was found in the Linux kernel's netfilter ipset component. Specifically, certain hash set variants such as hash:ip,mark and hash:ip,port that iterate IPv4 ranges with a 32-bit iterator do not correctly stop at the end of the requested range. This can cause the iteration to advance beyond t...
CVE-2026-52921
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last...
UBUNTU-CVE-2026-52921
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last...
CVE-2026-52921
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last...
EUVD-2026-38724
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last...
CVE-2026-52921
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last...
CVE-2026-52921
CVE-2026-52921 : In the Linux kernel, netfilter ipset hash:* range iteration could continue past the upper bound when iterating IPv4 ranges, due to a 32-bit iterator not stopping at the end. This allowed traversal state to move past the requested boundary and potentially affect retries. The issue...
CVE-2026-52921 netfilter: ipset: stop hash:* range iteration at end
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last...
PT-2026-51714
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter ipset component where specific hash set variants—hash:ip,mark, hash:ip,port, hash:ip,port,ip, and hash:ip,port,net—iterate IPv4 ranges using a 32-bit...
Linux Distros Unpatched Vulnerability : CVE-2026-52921
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: dropping logically empty buckets in mtypedel The mtypedel function counts empty slots below n-pos in k, but it only drops the bucket when both n-pos and k are zero. This means that buckets whose live entries hav...
SUSE CVE-2026-45901
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same...
CVE-2026-45901
A flaw was found in the Linux kernel's netfilter nftables component. This vulnerability allows a local attacker to cause a denial of service DoS by triggering a circular lock dependency. This occurs when nft reset, ipset list, and iptables-nft with a '-m set' rule are executed concurrently, leadi...
EUVD-2026-32367
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same...
CVE-2026-45901
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same...