6 matches found
CVE-2024-26925
CVE-2024-26925 affects the Linux kernel nf_tables component. The issue arises when the commit mutex is released during the abort path between nft_gc_seq_begin() and nft_gc_seq_end(), allowing an asynchronous GC worker to collect expired objects and obtain the released commit lock within the same ...
CVE-2026-23111
CVE-2026-23111 (Linux kernel) : A bug in netfilter nf_tables nft_map_catchall_activate() inverted the genmask check, causing catchall elements to be processed incorrectly during abort of a DELSET operation. The function skipped inactive elements and processed active ones, leading to a use-after-f...
CVE-2023-52925
CVE-2023-52925 relates to the Linux kernel nf_tables code. The vulnerability concerns how nf_tables handles inserts for duplicate set entries when some duplicates have expired. The description states that the system should ignore expired duplicates and not fail inserts, noting an asymmetry in nft...
CVE-2026-46324
CVE-2026-46324 concerns the Linux kernel’s nf_tables netlink hook handling. The vuln is fixed by replacing use of list_del_rcu() for nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks to prevent concurrent dumpers from walking the list while it’s modified. A new helper was added...
CVE-2026-23278
CVE-2026-23278 (Linux kernel nf_tables catchall handling) The issue occurs in netfilter nf_tables where, during transaction processing, a map holding catchall elements being removed may require toggling all pending catchall elements, not just the first viable candidate. If the map is also being f...
CVE-2026-45873
CVE-2026-45873 concerns Linux kernel netfilter nft_set_rbtree. The issue arises from partial overlap detection for anonymous sets where adjacent intervals omit end elements, allowing overlaps such as A-B and A-C with C