13 matches found
CVE-2024-26925
CVE-2024-26925 affects the Linux kernel nf_tables component. The issue arises when the commit mutex is released during the abort path between nft_gc_seq_begin() and nft_gc_seq_end(), allowing an asynchronous GC worker to collect expired objects and obtain the released commit lock within the same ...
CVE-2024-27065
CVE-2024-27065 is a Linux kernel issue affecting nf_tables: the verifier could incorrectly compare internal table flags during updates. The public advisories in connected documents reference a fix that “restores skipping transaction if table update does not modify flags,” applied as part of kerne...
CVE-2024-35900
CVE-2024-35900 affects the Linux kernel nf_tables (netfilter). The issue arises when the dormant table flag is toggled; during commit, hooks are iterated across both existing and new chains, which can lead to an inconsistent state. This may trigger a warning when unregistering a chain that is alr...
CVE-2024-56690
CVE-2024-56690 : Linux kernel crypto: pcrypt fix for -EBUSY/-EAGAIN. After commit 8f4f68e7, padata_do_parallel() may return -EAGAIN for pcrypt encrypt/decrypt when CPUs go online/offline, triggering a WARN/panic under panic_on_warn. The remediation is to call the crypto layer directly (no paralle...
CVE-2024-26581
CVE-2024-26581 affects the Linux kernel netfilter nft_set_rbtree end-interval GC logic, where rbtree lazy GC on insert could skip an end-interval element just added in the same transaction, potentially enabling privilege/escalation impact for local attackers. Affected: Linux kernel versions with ...
CVE-2024-53237
CVE-2024-53237 is a Linux kernel vulnerability describing a use-after-free in the Bluetooth device lifecycle, specifically in the function device_for_each_child. The issue was surfaced by KASAN and tied to a scenario where a parent device could be freed while a child device still holds a referenc...
CVE-2026-23111
CVE-2026-23111 (Linux kernel) : A bug in netfilter nf_tables nft_map_catchall_activate() inverted the genmask check, causing catchall elements to be processed incorrectly during abort of a DELSET operation. The function skipped inactive elements and processed active ones, leading to a use-after-f...
CVE-2024-26835
CVE-2024-26835 affects the Linux kernel nf_tables (netfilter). When memory pressure causes hook registration to fail, a table can be marked active with no registered hooks, and on table/base chain deletion nf_tables may unregister hooks again, causing a core warn. The connected documents confirm ...
CVE-2024-35897
CVE-2024-35897 – Normalized details: In the Linux kernel, a nf_tables (netfilter) issue was resolved: when performing a table flag update with a pending basechain deletion, hook unregistration is deferred to the commit phase. This sequence can delete a basechain while its hook remains registered ...
CVE-2023-52925
CVE-2023-52925 relates to the Linux kernel nf_tables code. The vulnerability concerns how nf_tables handles inserts for duplicate set entries when some duplicates have expired. The description states that the system should ignore expired duplicates and not fail inserts, noting an asymmetry in nft...
CVE-2026-46324
CVE-2026-46324 concerns the Linux kernel’s nf_tables netlink hook handling. The vuln is fixed by replacing use of list_del_rcu() for nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks to prevent concurrent dumpers from walking the list while it’s modified. A new helper was added...
CVE-2026-23278
CVE-2026-23278 (Linux kernel nf_tables catchall handling) The issue occurs in netfilter nf_tables where, during transaction processing, a map holding catchall elements being removed may require toggling all pending catchall elements, not just the first viable candidate. If the map is also being f...
CVE-2026-45873
CVE-2026-45873 concerns Linux kernel netfilter nft_set_rbtree. The issue arises from partial overlap detection for anonymous sets where adjacent intervals omit end elements, allowing overlaps such as A-B and A-C with C