CVE-2026-45873

MEDIUM

netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic skips anonymous set checks on start elements for this reason. However, it is possible to add intervals that overlap to this anonymous where two start elements with the same, eg. A-B, A-C where C < B. start end A B start end A C Restore the check on overlapping start elements to report an overlap.

Scores

CVSS v3 5.5
EPSS 0.0016
EPSS Percentile 5.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (33)
linux/Kernel < 5.10.252linux
linux/Kernel 5.11.0 - 5.15.202linux
linux/Kernel 5.16.0 - 6.1.165linux
linux/Kernel 6.13.0 - 6.19.4linux
linux/Kernel 6.2.0 - 6.12.75linux
linux/Kernel 6.7.0 - 6.18.14linux
Linux/Linux < 6.2
Linux/Linux 181859bdfb9734aca449512fccaee4cacce64aed
Linux/Linux 2bf1435fa19d2c58054391b3bba40d5510a5758c - 029e5f6a95e905b12d6bc20421be32a01e0eb311
Linux/Linux 318cb24a4c3fce8140afaf84e4d45fcb76fb280b - f1381ce0a1dd013610985e1c4260908163a427df
... and 23 more
Published May 27, 2026
Tracked Since May 27, 2026