CVE-2026-45897

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_counter: serialize reset with spinlock Add a global static spinlock to serialize counter fetch+reset operations, preventing concurrent dump-and-reset from underrunning values. The lock is taken before fetching the total so that two parallel resets cannot both read the same counter values and then both subtract them. A global lock is used for simplicity since resets are infrequent. If this becomes a bottleneck, it can be replaced with a per-net lock later.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2	Patch
https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

25 Jun 2026, 21:09

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
First Time		Linux linux Kernel Linux
References	~~() https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2 -~~	() https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2 - Patch
References	~~() https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e -~~	() https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::

27 May 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-27 14:17

Updated : 2026-06-25 21:09

NVD link : CVE-2026-45897

Mitre link : CVE-2026-45897

CVE.ORG link : CVE-2026-45897

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2026-45897", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "affected": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "affectedData": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3cb03edb4de33fd04c4ea55f47397b96a8657c53", "lessThan": "0cdc6d5a26f2d1f7f15a43526841b679445c32e2", "versionType": "git"}, {"status": "affected", "version": "3cb03edb4de33fd04c4ea55f47397b96a8657c53", "lessThan": "779c60a5190c42689534172f4b49e927c9959e4e", "versionType": "git"}, {"status": "affected", "version": "fb1adb05ea87b6149e65a31e511756c4f470d0cd", "versionType": "git"}, {"status": "affected", "version": "f123293db16dcd0cd81b246ae60e6362f0025d0a", "versionType": "git"}, {"status": "affected", "version": "6.1.107", "lessThan": "6.2", "versionType": "semver"}, {"status": "affected", "version": "6.6.48", "lessThan": "6.7", "versionType": "semver"}], "programFiles": ["net/netfilter/nft_counter.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.7"}, {"status": "unaffected", "version": "0", "lessThan": "6.7", "versionType": "semver"}, {"status": "unaffected", "version": "6.19.4", "versionType": "semver", "lessThanOrEqual": "6.19.*"}, {"status": "unaffected", "version": "7.0", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/netfilter/nft_counter.c"], "defaultStatus": "affected"}]}], "published": "2026-05-27T14:17:03.977", "references": [{"url": "https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_counter: serialize reset with spinlock\n\nAdd a global static spinlock to serialize counter fetch+reset\noperations, preventing concurrent dump-and-reset from underrunning\nvalues.\n\nThe lock is taken before fetching the total so that two parallel\nresets cannot both read the same counter values and then both\nsubtract them.\n\nA global lock is used for simplicity since resets are infrequent.\nIf this becomes a bottleneck, it can be replaced with a per-net\nlock later."}], "lastModified": "2026-06-25T21:09:45.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A1E4A4D-E736-4034-B734-953CD5D22F1D", "versionEndExcluding": "6.2", "versionStartIncluding": "6.1.107"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3E44F97-A592-4211-A207-407DFC22549C", "versionEndExcluding": "6.19.4", "versionStartIncluding": "6.6.48"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}