1210 matches found
CVE-2026-46101
In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...
CVE-2026-45901
The CVE-2026-45901 issue affects the Linux kernel netfilter nf_tables implementation. The root cause is a circular lock dependency among commit_mutex, nfnl_subsys_ipset, and nlk_cb_mutex that can occur when nft reset, ipset list, and iptables-nft with a -m set rule run concurrently, potentially l...
CVE-2026-45901 netfilter: nf_tables: revert commit_mutex usage in reset path
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same...
CVE-2026-45897
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftcounter: serialize reset with spinlock Add a global static spinlock to serialize counter fetch+reset operations, preventing concurrent dump-and-reset from underrunning values. The lock is taken before fetching the...
CVE-2026-45897
The CVE-2026-45897 entry concerns the Linux kernel netfilter nft_counter: serialize reset with spinlock vulnerability. A global static spinlock was added to serialize concurrent counter fetch+reset operations, preventing two parallel resets from underrunning values when dumping and resetting coun...
CVE-2026-45897 netfilter: nft_counter: serialize reset with spinlock
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftcounter: serialize reset with spinlock Add a global static spinlock to serialize counter fetch+reset operations, preventing concurrent dump-and-reset from underrunning values. The lock is taken before fetching the...
CVE-2026-45873 netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
CVE-2026-45873
CVE-2026-45873 concerns Linux kernel netfilter nft_set_rbtree. The issue arises from partial overlap detection for anonymous sets where adjacent intervals omit end elements, allowing overlaps such as A-B and A-C with C
CVE-2026-45873 netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
CVE-2026-45873
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the local overlap detection logic in netfilter’s nftsetrbtree. This logic skips the initial eleme...
CVE-2026-45897
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftcounter: serialize reset with spinlock Add a global static spinlock to serialize counter fetch+reset operations, preventing concurrent dump-and-reset from underrunning values. The lock is taken before fetching the...
PT-2026-43764
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nft counter component where concurrent dump-and-reset operations can lead to value underrunning. This occurs because parallel resets may read the same...
PT-2026-43768
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A circular lock dependency exists within the netfilter nf tables component. This issue occurs when nft reset, ipset list, and iptables-nft with the -m set rule are executed simultaneousl...
CVE-2026-45873
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic...
Linux Distros Unpatched Vulnerability : CVE-2026-45901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftables: revert commitmutex usage in reset path It causes circular lock dependency between commitmutex, nfnlsubsysipset and nlkcbmutex when nft rese...
Linux Distros Unpatched Vulnerability : CVE-2026-45873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nftsetrbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the e...
Linux Distros Unpatched Vulnerability : CVE-2026-46101
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagati...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftlimit: avoided a possible division error in nftlimitinit divu64 divides an u64 value by an u32 value. nftlimitinit attempts to divide an u64 value by another u64 value; the appropriate math function div64u64 shou...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables – There is a possibility of module reference underflow in the error path. When nftexprclone fails, dst-ops is set. However, the module reference count has not been updated yet. As a result, nftexprdestroy...