CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt policy: fix strict mode inbound policy matching

match policy in() walks sec path entries from the last transform to the first one, but strict policy matching needs to consume info->pol[] in the same forward order as the rule layout.

Derive the strict-match policy position from the number of transforms already consumed so that multi-element inbound rules are matched consistently.