SB20260625171 - Improper access control in Linux kernel netfilter



Published: June 25, 2026

Security Bulletin ID SB20260625171
CSH Severity Low
Patch available YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Improper access control (CVE-ID: CVE-2026-53001)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to bypass intended netfilter match restrictions.

The vulnerability exists due to improper access control in the netfilter xtables match extensions xt_mac, xt_owner, xt_physdev, and xt_realm when registering protocol families. A local user can invoke these matches with unsupported protocol families to bypass intended netfilter match restrictions.

The issue stems from these matches being registered for unspecified protocol families, even though xt_mac, xt_owner, and xt_physdev are intended only for IPv4 and IPv6 and xt_realm is intended only for IPv4.
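
The registration problem described above can be modelled in a few lines of userspace C. This is an added example, not kernel code or the vendor's patch: the two tables and `lookup_match()` are hypothetical, ARP and bridge are chosen here to stand in for unsupported families, and only the `NFPROTO_*` numbering follows the kernel headers.

```c
/* Simplified userspace model, not kernel code: the tables and lookup_match()
 * are hypothetical; only the NFPROTO_* values follow kernel numbering. */
#include <stdio.h>
#include <string.h>
enum { NFPROTO_UNSPEC = 0, NFPROTO_IPV4 = 2, NFPROTO_ARP = 3,
       NFPROTO_BRIDGE = 7, NFPROTO_IPV6 = 10 };
struct match_reg { const char *name; int family; };
#define N(t) (sizeof(t) / sizeof((t)[0]))

/* Before: each match registered once, for the unspecified family. */
static const struct match_reg before[] = {
    { "xt_mac", NFPROTO_UNSPEC }, { "xt_owner", NFPROTO_UNSPEC },
    { "xt_physdev", NFPROTO_UNSPEC }, { "xt_realm", NFPROTO_UNSPEC },
};
/* After: one entry per intended family; xt_realm is IPv4 only. */
static const struct match_reg after[] = {
    { "xt_mac", NFPROTO_IPV4 }, { "xt_mac", NFPROTO_IPV6 },
    { "xt_owner", NFPROTO_IPV4 }, { "xt_owner", NFPROTO_IPV6 },
    { "xt_physdev", NFPROTO_IPV4 }, { "xt_physdev", NFPROTO_IPV6 },
    { "xt_realm", NFPROTO_IPV4 },
};

/* Return 1 if a rule in `family` may use match `name`. An exact family
 * entry wins; an UNSPEC entry acts as a wildcard for every family. */
static int lookup_match(const struct match_reg *tbl, size_t n,
                        const char *name, int family)
{
    int wildcard = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(tbl[i].name, name) != 0)
            continue;
        if (tbl[i].family == family)
            return 1;
        if (tbl[i].family == NFPROTO_UNSPEC)
            wildcard = 1;
    }
    return wildcard;
}

int main(void)
{
    const int fams[] = { NFPROTO_IPV4, NFPROTO_IPV6, NFPROTO_ARP, NFPROTO_BRIDGE };
    for (size_t m = 0; m < N(before); m++)
        for (size_t f = 0; f < N(fams); f++)
            printf("%-10s family=%-2d before=%d after=%d\n", before[m].name, fams[f],
                   lookup_match(before, N(before), before[m].name, fams[f]),
                   lookup_match(after, N(after), before[m].name, fams[f]));
    return 0;
}
```

With the wildcard registration every match resolves in every family; with per-family entries the lookups for ARP and bridge fail, and xt_realm also fails for IPv6.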


Remediation

Install the update from the vendor's website.