CVE Catalog

CVE-2026-46324

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the netfilter nf_tables subsystem where nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks did not use list_del_rcu() for removing elements from the netlink hooks list. This list can be concurrently traversed by dumpers, leading to a potential race condition.

Risk Assessment

The organization is exposed to system instability or potential information disclosure due to concurrent access to the hooks list during removal and dumping operations.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing the fix (commit using list_del_rcu). Monitor official security advisories from your distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this list can be walked by concurrent dumpers. Add a new helper and use it consistently.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS