CVE-2026-45897

Published: May 27, 2026

Modified: May 27, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_counter: serialize reset with spinlock Add a global static spinlock to serialize counter fetch+reset operations, preventing concurrent dump-and-reset from underrunning values. The lock is taken before fetching the total so that two parallel resets cannot both read the same counter values and then both subtract them. A global lock is used for simplicity since resets are infrequent. If this becomes a bottleneck, it can be replaced with a per-net lock later.

Vendor	Product	Versions
Linux	Linux	affected `3cb03edb4de33fd04c4ea55f47397b96a8657c53 - < 0cdc6d5a26f2d1f7f15a43526841b679445c32e2` affected `3cb03edb4de33fd04c4ea55f47397b96a8657c53 - < 779c60a5190c42689534172f4b49e927c9959e4e` affected `fb1adb05ea87b6149e65a31e511756c4f470d0cd` affected `f123293db16dcd0cd81b246ae60e6362f0025d0a` affected `6.1.107 - < 6.2` +1 more versions
Linux	Linux	affected `6.7` unaffected `0 - < 6.7` unaffected `6.19.4 - <= 6.19.` unaffected `7.0 - <= `

References

https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2

https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-45897

Description

Affected Products

References