CVE-2026-45873
MEDIUMnetfilter: nft_set_rbtree: check for partial overlaps in anonymous sets
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic skips anonymous set checks on start elements for this reason. However, it is possible to add intervals that overlap to this anonymous where two start elements with the same, eg. A-B, A-C where C < B. start end A B start end A C Restore the check on overlapping start elements to report an overlap.
References (8)
Core 8
Core References
Scores
CVSS v3
5.5
EPSS
0.0016
EPSS Percentile
5.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (33)
linux/Kernel
< 5.10.252linux
linux/Kernel
5.11.0 - 5.15.202linux
linux/Kernel
5.16.0 - 6.1.165linux
linux/Kernel
6.13.0 - 6.19.4linux
linux/Kernel
6.2.0 - 6.12.75linux
linux/Kernel
6.7.0 - 6.18.14linux
Linux/Linux
< 6.2
Linux/Linux
181859bdfb9734aca449512fccaee4cacce64aed
Linux/Linux
2bf1435fa19d2c58054391b3bba40d5510a5758c - 029e5f6a95e905b12d6bc20421be32a01e0eb311
Linux/Linux
318cb24a4c3fce8140afaf84e4d45fcb76fb280b - f1381ce0a1dd013610985e1c4260908163a427df
... and 23 more
Published
May 27, 2026
Tracked Since
May 27, 2026