Improper control of a resource through its lifetime in Linux kernel - CVE-2026-45913

 


Published: May 28, 2026


Vulnerability identifier: #VU132570
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-45913
CWE-ID: CWE-664
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper state management in the bridge multicast database (MDB) handling for VLAN contexts when processing MDB flush operations after bridge and multicast snooping configuration changes. A local user can trigger inconsistent MDB entry accounting to cause a denial of service.

The issue can be triggered by creating multicast database entries on a bridge with VLAN filtering enabled and then changing the multicast snooping state before flushing the entries.
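To find hosts where the configuration described above is present, the following added example (not part of the advisory or of the kernel project) lists bridge devices that have VLAN filtering enabled, together with their multicast snooping state, by reading the bridge attributes in sysfs. The optional directory argument is an assumption added for testing; the script reports configuration only and says nothing about whether the running kernel is patched.

```shell
#!/bin/sh
# Added example: inventory bridges matching the advisory's precondition
# (a bridge with VLAN filtering enabled). Not code from the advisory.

# list_vlan_filtering_bridges [SYSFS_NET_DIR]
# SYSFS_NET_DIR defaults to /sys/class/net; the override is an assumption
# of this example so the function can be run against a constructed tree.
list_vlan_filtering_bridges() {
    root="${1:-/sys/class/net}"
    for dev in "$root"/*; do
        # Only bridge devices expose a "bridge" attribute directory.
        [ -d "$dev/bridge" ] || continue
        vf_file="$dev/bridge/vlan_filtering"
        ms_file="$dev/bridge/multicast_snooping"
        # The attribute is absent when the kernel lacks bridge VLAN filtering.
        [ -r "$vf_file" ] || continue
        vf=$(cat "$vf_file")
        [ "$vf" = "1" ] || continue
        if [ -r "$ms_file" ]; then
            ms=$(cat "$ms_file")
        else
            ms="n/a"
        fi
        printf '%s vlan_filtering=%s multicast_snooping=%s\n' \
            "${dev##*/}" "$vf" "$ms"
    done
}

# Report for the local host (or for the directory given as $1).
list_vlan_filtering_bridges "$@"
```

Bridges listed by this script are the ones to prioritize for the kernel update; an empty result means no bridge on the host currently has VLAN filtering enabled.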


How to mitigate CVE-2026-45913

Install the security update from the vendor's repository.
