PT-2026-52313 · Linux · Linux
Published 2026-06-25 · Updated 2026-06-25 · CVE-2026-53218
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_exthdr: fix register tracking for F_PRESENT flag
nft_exthdr_init() passes user-controlled priv->len to
nft_parse_register_store(), which marks that many bytes in the
register bitmap as initialized. However, when NFT_EXTHDR_F_PRESENT
is set, the eval paths write only 1 byte (nft_reg_store8) or
4 bytes (*dest = 0 on TCP/DCCP error path). When len > 4,
registers beyond the first are never written, retaining
uninitialized stack data from nft_regs.
Bail out if userspace requests too much data when F_PRESENT is set.
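The mismatch the commit message describes is between what validation declares and what evaluation actually writes. The following user-space model, added here as an example and not taken from the kernel or from the fix, makes that concrete: registers are modelled as 32-bit slots (an assumption that matches the "len > 4" threshold in the description), a tracker bitmap plays the role of the bitmap that nft_parse_register_store() updates, and an eval step writes only the first register when the present flag is set. Every identifier prefixed with model_ or MODEL_ is an assumption of this example; MODEL_F_PRESENT stands in for NFT_EXTHDR_F_PRESENT. The vulnerable init trusts priv->len unconditionally; the fixed init rejects a len larger than one register when the flag is set, which is the behaviour the commit message states, not the kernel's literal code.

```c
/* Added example: a user-space model of the register-tracking mismatch the
 * advisory describes. Not kernel code; everything prefixed model_/MODEL_ is
 * an assumption of this example, not a Linux identifier. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_REG32_COUNT 20        /* assumed number of 32-bit data registers */
#define MODEL_F_PRESENT   (1u << 0) /* stands in for NFT_EXTHDR_F_PRESENT */

struct model_regs { uint32_t data[MODEL_REG32_COUNT]; };

struct model_priv {
    unsigned int len;   /* user-controlled, like priv->len in the advisory */
    unsigned int flags; /* MODEL_F_PRESENT or 0 */
    unsigned int dreg;  /* index of the first destination register */
};

/* Validation-time tracker: one bit per register that init has declared
 * "will be written", playing the role of the bitmap that
 * nft_parse_register_store() marks as initialized. */
struct model_tracker { uint32_t initialized; };

static unsigned int model_regs_for_len(unsigned int len)
{
    return (len + 3) / 4; /* round up to whole 32-bit registers */
}

/* Vulnerable init: trusts len and marks every covered register as
 * initialized, whatever the flags say. */
static int model_init_vulnerable(struct model_tracker *t, const struct model_priv *p)
{
    unsigned int n = model_regs_for_len(p->len);

    if (n == 0 || p->dreg + n > MODEL_REG32_COUNT)
        return -ERANGE;
    for (unsigned int i = 0; i < n; i++)
        t->initialized |= 1u << (p->dreg + i);
    return 0;
}

/* Fixed init: with the present flag the eval path writes only the first
 * register, so a len claiming more than one register is refused up front. */
static int model_init_fixed(struct model_tracker *t, const struct model_priv *p)
{
    if ((p->flags & MODEL_F_PRESENT) && p->len > sizeof(uint32_t))
        return -EINVAL;
    return model_init_vulnerable(t, p);
}

/* Eval: with the present flag only dreg receives the 0/1 answer; otherwise
 * header bytes are copied into every declared register (modelled as zeroes). */
static void model_eval(struct model_regs *r, const struct model_priv *p, bool present)
{
    if (p->flags & MODEL_F_PRESENT) {
        r->data[p->dreg] = present ? 1u : 0u;
        return;
    }
    for (unsigned int i = 0; i < model_regs_for_len(p->len); i++)
        r->data[p->dreg + i] = 0;
}

/* Registers the tracker trusts as initialized but that still hold the
 * pre-eval poison, i.e. stale contents a later expression would read. */
static unsigned int model_stale_registers(const struct model_tracker *t,
                                          const struct model_regs *r, uint32_t poison)
{
    unsigned int count = 0;

    for (unsigned int i = 0; i < MODEL_REG32_COUNT; i++)
        if ((t->initialized & (1u << i)) && r->data[i] == poison)
            count++;
    return count;
}

/* Run init + eval once. Returns the stale-register count, or a negative
 * errno when init rejects the request. */
int model_run(bool fixed, unsigned int len, unsigned int flags)
{
    const uint32_t poison = 0xA5A5A5A5u; /* constructed stand-in for old stack data */
    struct model_regs regs;
    struct model_tracker tr = { 0 };
    struct model_priv priv = { .len = len, .flags = flags, .dreg = 0 };
    int err;

    for (unsigned int i = 0; i < MODEL_REG32_COUNT; i++)
        regs.data[i] = poison;
    err = fixed ? model_init_fixed(&tr, &priv) : model_init_vulnerable(&tr, &priv);
    if (err)
        return err;
    model_eval(&regs, &priv, true);
    return (int)model_stale_registers(&tr, &regs, poison);
}

int main(void)
{
    printf("vulnerable, len=16, present flag: %d stale registers\n",
           model_run(false, 16, MODEL_F_PRESENT));
    printf("fixed,      len=16, present flag: %d (init rejected with -EINVAL)\n",
           model_run(true, 16, MODEL_F_PRESENT));
    printf("fixed,      len=4,  present flag: %d stale registers\n",
           model_run(true, 4, MODEL_F_PRESENT));
    return 0;
}
```

With the vulnerable init, a request of len=16 under the present flag declares four registers but eval writes one, leaving three registers holding whatever the poison represents; with the fixed init the same request never reaches eval. The detection angle is the same one the tracker gives: any expression whose declared store width exceeds what its eval paths can write is a candidate for this class of bug, independent of which header the expression inspects.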
Related Identifiers
Affected Products
Linux