SB20260528158 - Improper control of a resource through its lifetime in Linux kernel bridge
Published: May 28, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-45913)
CWE-ID: CWE-664 - Improper control of a resource through its lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper state management in the bridge multicast database (MDB) handling for VLAN contexts when processing MDB flush operations after bridge and multicast snooping configuration changes. A local user can trigger inconsistent MDB entry accounting to cause a denial of service.
The issue can be triggered by creating multicast database entries on a bridge with VLAN filtering enabled and then changing the multicast snooping state before flushing the entries.
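To find hosts whose configuration matches the preconditions described above, the following shell function lists bridges with VLAN filtering enabled and reports their multicast snooping state. It is an added example, not part of the bulletin or the kernel fix; the function name and its optional root-directory argument are assumptions, and it reports configuration only, not whether the running kernel carries the fix.

```shell
#!/bin/sh
# Added example: inventory of bridges matching the bulletin's preconditions
# (VLAN filtering enabled on a bridge, plus its multicast snooping state).
# It does not test for the vulnerability and does not check the kernel version.

# list_vlan_filtering_bridges [NET_ROOT]
#   NET_ROOT defaults to /sys/class/net. The argument is an assumption of this
#   example so the function can also be run against a constructed directory.
# Output: one line per bridge that has VLAN filtering on:
#   <name> vlan_filtering=1 multicast_snooping=<0|1|unknown>
# Return: 0 if at least one such bridge was found, 1 otherwise.
list_vlan_filtering_bridges() {
    net_root="${1:-/sys/class/net}"
    found=1
    for dev in "$net_root"/*; do
        # Only bridge devices expose a bridge/ attribute directory in sysfs.
        [ -d "$dev/bridge" ] || continue
        [ -r "$dev/bridge/vlan_filtering" ] || continue
        vf=$(cat "$dev/bridge/vlan_filtering" 2>/dev/null) || continue
        [ "$vf" = "1" ] || continue

        # Snooping state is reported for context; "unknown" if unreadable.
        snoop="unknown"
        if [ -r "$dev/bridge/multicast_snooping" ]; then
            snoop=$(cat "$dev/bridge/multicast_snooping" 2>/dev/null) || snoop="unknown"
        fi

        printf '%s vlan_filtering=1 multicast_snooping=%s\n' "${dev##*/}" "$snoop"
        found=0
    done
    return "$found"
}

# Stand-alone use: inspect the local host (or a directory given as argument).
list_vlan_filtering_bridges "$@" || echo "no bridge with VLAN filtering enabled"
```

Bridges listed here are the ones to prioritize when scheduling the kernel update on multi-user hosts.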
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/45525fdfd4cb612d7b414dd5cfa1f43892a7cd71
- https://git.kernel.org/stable/c/724a405ce0309676f1e993c173382b4c4a022beb
- https://git.kernel.org/stable/c/8b769e311a86bb9d15c5658ad283b86fc8f080a2
- https://git.kernel.org/stable/c/d0fdad1bdd21a358cc2c85da3681ae27b86ce6ce
- https://git.kernel.org/stable/c/fae260fc84e1eae8f590c7907e53e8768df2d986