155 matches found
EUVD-2026-32339
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
UBUNTU-CVE-2026-45873
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
CVE-2026-45873
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
CVE-2026-45873 netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
CVE-2026-45873
The CVE concerns the Linux kernel netfilter component nft_set_rbtree. It fixes an issue where the partial overlap detection logic incorrectly skipped overlap checks for start elements in anonymous sets that use an optimized adjacent-interval representation (end element omitted). Specifically, two...
CVE-2026-45873
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
Linux Distros Unpatched Vulnerability : CVE-2026-45873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an...
CVE-2026-45873
netfilter: nftsetrbtree: check for partial overlaps in anonymous sets...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the local overlap detection logic in netfilter’s nftsetrbtree. This logic skips the initial eleme...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: Do not free the live element. Pablo reported a crash when processing large batches of elements with a back-to-back add/remove pattern. According to Pablo: addelem"00000000" timeout 100 ms …...
Astra Linux - уязвимость в linux-5.10
The nftablesnewset function in net/netfilter/nftablesapi.c in the Linux kernel before version 5.12.13 allows local users to cause a denial of service due to NULL pointer dereferencing and general protection faults, caused by the absence of initialization for nftsetelemexpralloc. A local user can...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: Fix for overlapping expiration handling during walks. The lazy garbage collection mechanism during insertion, which should remove entries when the timeout occurs, fails to properly release the remainin...
CVE-2026-43453
A flaw was found in the Linux kernel's netfilter component, specifically within the nftsetpipapo module. The pipapodrop function performs a stack out-of-bounds read. This occurs when an argument is evaluated at the call site before the function body executes, leading to a read beyond the allocate...
UBUNTU-CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
PT-2026-39114
Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.10 through 6.19 Description A stack out-of-bounds read exists in the nftables pipapo set backend within the pipapo drop function. The issue occurs because the function passes rulemapi + 1.n to pipapo unmap as the to...
CVE-2026-43114
A flaw was found in the Linux kernel's netfilter component. This vulnerability, located in the nftsetpipapoavx2 functionality, is caused by incorrect data processing during AVX2 matching operations. This can lead to the system incorrectly identifying or matching network data entries within...
CVE-2026-43114
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapoavx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a ranomly generated pipapo set with 'ipv4 . port' key, i.e. nft -...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by an error in the mask used by the nftsetpipapoavx2 function when matching expired entries, which may lead...
PT-2026-37424
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component, specifically within the nft set pipapo avx2 function. When AVX2 matching functions are used, the system may incorrectly return a non-matching...
Astra Linux - уязвимость в linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: fix null deref on element insertion There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 1 PREEM...