CVE-2026-46101

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

In the Linux kernel, the following vulnerability has been resolved:

netfilter: reject zero shift in nft bitwise

Reject zero shift operands for nft bitwise left and right shift expressions during initialization.

The carry propagation logic computes the carry from the adjacent 32-bit word using BITS PER TYPE(u32) - shift. A zero shift operand turns this into a 32-bit shift, which is undefined behaviour.

Reject zero shift operands in the control plane, alongside the existing check for values greater than or equal to 32, so malformed rules never reach the packet path.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-46101

Affected Products

Linux

CVE-2026-46101

Related Identifiers

Affected Products

References · 6