160 matches found
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetpipapo: clamp the maximum map bucket size to INTMAX Otherwise, a WARNONONCE error may occur in kvmallocnodenoprof when resizing the hashtable, because GFPNOWARN is not set. Similar issues include: b541ba7d1f5a...
EUVD-2026-32339
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
UBUNTU-CVE-2026-45873
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
CVE-2026-45873
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
CVE-2026-45873
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
CVE-2026-45873 netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
CVE-2026-45873
CVE-2026-45873 concerns Linux kernel netfilter nft_set_rbtree. The issue arises from partial overlap detection for anonymous sets where adjacent intervals omit end elements, allowing overlaps such as A-B and A-C with C
CVE-2026-45873
netfilter: nftsetrbtree: check for partial overlaps in anonymous sets...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the local overlap detection logic in netfilter’s nftsetrbtree. This logic skips the initial eleme...
Linux Distros Unpatched Vulnerability : CVE-2026-45873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the e...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsethash: Unaligned atomic read on struct nftsetext Access to the genmask field in struct nftsetext results in an unaligned atomic read: 72.130109 Unable to handle kernel paging requests at virtual address...
Astra Linux – Vulnerability in Linux 5.10, Linux
A issue was discovered in the Linux kernel through version 5.18.9. A type confusion bug in nftseteleminit could be exploited by a local attacker to escalate privileges. This is a different vulnerability than CVE-2022-32250. The attacker can obtain root access, but must start with an unprivileged...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: Fixed an issue with overlapping expiration walks. The lazy garbage collection during insertion, which should remove entries when the timeout occurs, fails to properly release the remaining part of the...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftsetrbtree: fixed a null dereference issue when inserting elements into the RBTree structure. There is no guarantee that rbprev will not return NULL in nftrbtreegcelem: General protection faults, likely due to an...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: do not free live element Pablo reported a crash when processing large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: addelem"00000000" timeout 100 ms ... addelem"0000000X"...
Astra Linux – Vulnerability in Linux 5.10
The nftablesnewset function in net/netfilter/nftablesapi.c in the Linux kernel before version 5.12.13 allows local users to cause a denial of service due to NULL pointer dereferencing and general protection faults, caused by the absence of initialization for nftsetelemexpralloc. A local user can...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: skip end interval element from gc Lazy garbage collection for rbtree during insertions may collect end interval elements that have just been added during these transactions. These elements are skipped, as...
CVE-2026-43453
A flaw was found in the Linux kernel's netfilter component, specifically within the nftsetpipapo module. The pipapodrop function performs a stack out-of-bounds read. This occurs when an argument is evaluated at the call site before the function body executes, leading to a read beyond the allocate...
UBUNTU-CVE-2026-43453
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: fix stack out-of-bounds read in pipapodrop pipapodrop passes rulemapi + 1.n to pipapounmap as the tooffset argument on every iteration, including the last one where i == m-fieldcount - 1. This reads one...
PT-2026-39114
Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.10 through 6.19 Description A stack out-of-bounds read exists in the nftables pipapo set backend within the pipapo drop function. The issue occurs because the function passes rulemapi + 1.n to pipapo unmap as the to...