Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-53000
PUBLISHED
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 24 Jun, 2026 | 16:29
Updated At: 30 Jun, 2026 | 12:09
Rejected At: -
▼CVE Numbering Authority (CNA)
netfilter: nat: use kfree_rcu to release ops

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nat: use kfree_rcu to release ops

Florian Westphal says:

"Historically this is not an issue, even for normal base hooks: the data path doesn't use the original nf_hook_ops that are used to register the callbacks.

However, in v5.14 I added the ability to dump the active netfilter hooks from userspace. This code will peek back into the nf_hook_ops that are available at the tail of the pointer-array blob used by the datapath.

The nat hooks are special, because they are called indirectly from the central nat dispatcher hook. They are currently invisible to the nfnl hook dump subsystem though.

But once that changes the nat ops structures have to be deferred too."

Update nf_nat_register_fn() to deal with partial exposition of the hooks from error path which can be also an issue for nfnetlink_hook.

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ipv4/netfilter/iptable_nat.c
  • net/ipv6/netfilter/ip6table_nat.c
  • net/netfilter/nf_nat_core.c
Default Status
unaffected
Versions
Affected
  • From e2cf17d3774c323ef6dab6e9f7c0cfc5e742afd9 before 32fdd2e38e7435a368d88f5977a7d6585ebc8b0e (git)
  • From e2cf17d3774c323ef6dab6e9f7c0cfc5e742afd9 before 3c7511f38ab511b791196b13ae48bf4973bf7dfd (git)
  • From e2cf17d3774c323ef6dab6e9f7c0cfc5e742afd9 before 6eda0d771f94267f73f57c94630aa47e90957915 (git)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/ipv4/netfilter/iptable_nat.c
  • net/ipv6/netfilter/ip6table_nat.c
  • net/netfilter/nf_nat_core.c
Default Status
affected
Versions
Affected
  • 5.14
Unaffected
  • From 0 before 5.14 (semver)
  • From 6.18.33 through 6.18.* (semver)
  • From 7.0.10 through 7.0.* (semver)
  • From 7.1 through * (original_commit_for_fix)
Metrics
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
Hyperlink: https://git.kernel.org/stable/c/32fdd2e38e7435a368d88f5977a7d6585ebc8b0e
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/3c7511f38ab511b791196b13ae48bf4973bf7dfd
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/6eda0d771f94267f73f57c94630aa47e90957915
Resource: N/A
▼Authorized Data Publishers (ADP)
kernel: netfilter: nat: use kfree_rcu to release ops

A flaw was found in the Linux kernel's netfilter component, specifically within the Network Address Translation (NAT) subsystem. This vulnerability involves improper memory management when releasing network filter operation structures. This could potentially allow an attacker to cause a system crash, leading to a Denial of Service (DoS), or to gain unauthorized access to sensitive information due to the partial exposure of internal hook data during error handling.

Affected Products
Vendor
Red Hat, Inc. (Red Hat)
Product
Red Hat Enterprise Linux 10
CPEs
  • cpe:/o:redhat:enterprise_linux:10
Default Status
affected
Vendor
Red Hat, Inc. (Red Hat)
Product
Red Hat Enterprise Linux 9
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Vendor
Red Hat, Inc. (Red Hat)
Product
Red Hat Enterprise Linux 6
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unaffected
Vendor
Red Hat, Inc. (Red Hat)
Product
Red Hat Enterprise Linux 7
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
unaffected
Vendor
Red Hat, Inc. (Red Hat)
Product
Red Hat Enterprise Linux 8
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
unaffected
Problem Types
Type: CWE
CWE ID: CWE-763
Description: Release of Invalid Pointer or Reference
Metrics
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value: Important
namespace: https://access.redhat.com/security/updates/classification/
Timeline
Event: Reported to Red Hat.
Date: 2026-06-24 00:00:00
Event: Made public.
Date: 2026-06-24 00:00:00
References
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-53000
Resource: vdb-entry, x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2492273
Resource: issue-tracking, x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53000.json
Resource: x_sadp-csaf-vex