SB20260625171 - Improper access control in Linux kernel netfilter
Published: June 25, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper access control (CVE-ID: CVE-2026-53001)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to bypass intended netfilter match restrictions.
The vulnerability exists due to improper access control in the netfilter xtables match extensions xt_mac, xt_owner, xt_physdev, and xt_realm when registering protocol families. A local user can invoke these matches with unsupported protocol families to bypass intended netfilter match restrictions.
The issue stems from these matches being registered for unspecified protocol families, even though xt_mac, xt_owner and xt_physdev are intended only for IPv4 and IPv6, and xt_realm is intended only for IPv4.
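The registration problem described above can be seen in a small user-space model. This is an added example, not kernel code and not taken from the fix commits. The struct, tables and function names are hypothetical, the family numbers follow the kernel's NFPROTO_* enum, and the lookup is a simplified model that tries the requested family first and then falls back to the family-independent entries.

```c
#include <stdio.h>
#include <string.h>

/* Family numbers as in the kernel's NFPROTO_* enum (uapi/linux/netfilter.h). */
enum { NFPROTO_UNSPEC = 0, NFPROTO_IPV4 = 2, NFPROTO_ARP = 3,
       NFPROTO_BRIDGE = 7, NFPROTO_IPV6 = 10 };

/* Hypothetical stand-in for one registered match extension. */
struct match_reg { const char *name; int family; };

/* Registration as the bulletin describes the flaw: unspecified family. */
static const struct match_reg before_fix[] = {
    { "mac", NFPROTO_UNSPEC },     { "owner", NFPROTO_UNSPEC },
    { "physdev", NFPROTO_UNSPEC }, { "realm", NFPROTO_UNSPEC },
};

/* Registration limited to the intended families (realm: IPv4 only). */
static const struct match_reg after_fix[] = {
    { "mac", NFPROTO_IPV4 },     { "mac", NFPROTO_IPV6 },
    { "owner", NFPROTO_IPV4 },   { "owner", NFPROTO_IPV6 },
    { "physdev", NFPROTO_IPV4 }, { "physdev", NFPROTO_IPV6 },
    { "realm", NFPROTO_IPV4 },
};

/* Lookup model: exact family first, then the family-independent entries. */
static int lookup(const struct match_reg *t, size_t n, const char *name, int fam)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].family == fam && strcmp(t[i].name, name) == 0)
            return 1;
    return fam != NFPROTO_UNSPEC ? lookup(t, n, name, NFPROTO_UNSPEC) : 0;
}

#define LEN(a) (sizeof(a) / sizeof((a)[0]))
int before_allows(const char *name, int fam) { return lookup(before_fix, LEN(before_fix), name, fam); }
int after_allows(const char *name, int fam)  { return lookup(after_fix, LEN(after_fix), name, fam); }

int main(void)
{
    static const int fams[] = { NFPROTO_IPV4, NFPROTO_IPV6, NFPROTO_ARP, NFPROTO_BRIDGE };
    static const char *names[] = { "mac", "owner", "physdev", "realm" };
    for (size_t m = 0; m < LEN(names); m++)
        for (size_t f = 0; f < LEN(fams); f++)
            printf("%-8s family %2d  before=%d after=%d\n", names[m], fams[f],
                   before_allows(names[m], fams[f]), after_allows(names[m], fams[f]));
    return 0;
}
```

In the model, a match registered under the unspecified family resolves for every requesting family, while per-family registration makes the same lookup fail outside the intended families.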
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/14203f9edf944b3fb63faadd62f38452421ecdfc
- https://git.kernel.org/stable/c/689a91ff18d6448d94c1ab7c076fecdb2b668bef
- https://git.kernel.org/stable/c/76160e04440c9698b989dbd9492a7ec4f520c9ee
- https://git.kernel.org/stable/c/7eaf9c740f33230cb224dc265f3c69f8531ff57b
- https://git.kernel.org/stable/c/9a109751b297b0f2135495749ef5a18ba31ec7d4
- https://git.kernel.org/stable/c/b6fe26f86a1649f84e057f3f15605b08eda15497
- https://git.kernel.org/stable/c/cbeb259f31382de70a70a59ffd0e66f5e80d9818
- https://git.kernel.org/stable/c/fa88161ef56e29bdaa05cc89dbc4ee221e94bfe9