Improper access control in Linux kernel - CVE-2026-53001
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to bypass intended netfilter match restrictions.
The vulnerability exists due to improper access control in how the netfilter xtables match extensions xt_mac, xt_owner, xt_physdev, and xt_realm register the protocol families they support. A local user can invoke these matches with unsupported protocol families to bypass intended netfilter match restrictions.
The issue stems from these matches being registered for unspecified protocol families, even though xt_mac, xt_owner, and xt_physdev are intended only for IPv4 and IPv6, and xt_realm is intended only for IPv4.
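The registration problem described above can be seen in a small userspace model, added here as an illustration; it is not kernel code and not the upstream patch. The `enum fam` values, `struct registry` and all function names are hypothetical stand-ins, and the fallback from a specific family to the family-independent list reflects how xtables resolves a match by name.

```c
/* Userspace model of xtables match lookup by family; not kernel code. */
#include <stdio.h>
#include <string.h>

/* Stand-ins for the kernel's NFPROTO_* constants (values are arbitrary). */
enum fam { FAM_UNSPEC, FAM_IPV4, FAM_IPV6, FAM_ARP, FAM_BRIDGE };
struct match { const char *name; enum fam family; };
struct registry { struct match m[16]; int n; };

static void reg_add(struct registry *r, const char *name, enum fam family)
{
    if (r->n < 16)
        r->m[r->n++] = (struct match){ name, family };
}

/* Search the caller's family, then fall back to the family-independent
 * list, so an UNSPEC registration is visible from every family. */
static int match_reachable(const struct registry *r, const char *name, enum fam af)
{
    for (int i = 0; i < r->n; i++)
        if (r->m[i].family == af && strcmp(r->m[i].name, name) == 0)
            return 1;
    return af != FAM_UNSPEC ? match_reachable(r, name, FAM_UNSPEC) : 0;
}

/* Registration as the page describes the flaw: no family restriction. */
static void register_unscoped(struct registry *r)
{
    r->n = 0;
    reg_add(r, "owner", FAM_UNSPEC);
    reg_add(r, "realm", FAM_UNSPEC);
}

/* Registration matching the stated intent: owner for IPv4/IPv6, realm IPv4. */
static void register_scoped(struct registry *r)
{
    r->n = 0;
    reg_add(r, "owner", FAM_IPV4);
    reg_add(r, "owner", FAM_IPV6);
    reg_add(r, "realm", FAM_IPV4);
}

int main(void)
{
    struct registry r;
    register_unscoped(&r);
    printf("unscoped: owner via ARP = %d\n", match_reachable(&r, "owner", FAM_ARP));
    register_scoped(&r);
    printf("scoped:   owner via ARP = %d\n", match_reachable(&r, "owner", FAM_ARP));
    return 0;
}
```

With the family-independent registration, a lookup from the ARP or bridge family still resolves the match; with per-family registration, only the intended families do.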
How to mitigate CVE-2026-53001
Sources
- https://git.kernel.org/stable/c/14203f9edf944b3fb63faadd62f38452421ecdfc
- https://git.kernel.org/stable/c/689a91ff18d6448d94c1ab7c076fecdb2b668bef
- https://git.kernel.org/stable/c/76160e04440c9698b989dbd9492a7ec4f520c9ee
- https://git.kernel.org/stable/c/7eaf9c740f33230cb224dc265f3c69f8531ff57b
- https://git.kernel.org/stable/c/9a109751b297b0f2135495749ef5a18ba31ec7d4
- https://git.kernel.org/stable/c/b6fe26f86a1649f84e057f3f15605b08eda15497
- https://git.kernel.org/stable/c/cbeb259f31382de70a70a59ffd0e66f5e80d9818
- https://git.kernel.org/stable/c/fa88161ef56e29bdaa05cc89dbc4ee221e94bfe9