Improper access control in Linux kernel - CVE-2026-53001

 


Published: June 25, 2026


Vulnerability identifier: #VU135363
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53001
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to bypass intended netfilter match restrictions.

The vulnerability exists due to improper access control in how the netfilter xtables match extensions xt_mac, xt_owner, xt_physdev, and xt_realm are registered for protocol families. A local user can invoke these matches with unsupported protocol families to bypass intended netfilter match restrictions.

The issue stems from these matches being registered for unspecified protocol families, which makes them available to every family, even though xt_mac, xt_owner, and xt_physdev are intended only for IPv4 and IPv6, and xt_realm is intended only for IPv4.
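The registration problem described above, as an added example: a simplified userspace model, not kernel code and not the vendor's patch. It shows that a match registered for the unspecified family is found from any family, while per-family entries limit it to the intended ones. The struct, table and function names are hypothetical, and the "after" table only encodes the intended families stated in this advisory.

```c
/* Simplified userspace model of xtables match registration and lookup.
 * Not kernel code: struct, table and function names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* Family numbers as defined in the kernel's netfilter uapi header. */
enum { NFPROTO_UNSPEC = 0, NFPROTO_IPV4 = 2, NFPROTO_ARP = 3,
       NFPROTO_BRIDGE = 7, NFPROTO_IPV6 = 10 };

struct match_reg { const char *name; int family; };

/* "Before": each match registered once, for the unspecified family. */
static const struct match_reg before[] = {
    { "mac", NFPROTO_UNSPEC },     { "owner", NFPROTO_UNSPEC },
    { "physdev", NFPROTO_UNSPEC }, { "realm", NFPROTO_UNSPEC },
};

/* "After" (assumed shape): one entry per intended family, realm IPv4 only. */
static const struct match_reg after[] = {
    { "mac", NFPROTO_IPV4 },     { "mac", NFPROTO_IPV6 },
    { "owner", NFPROTO_IPV4 },   { "owner", NFPROTO_IPV6 },
    { "physdev", NFPROTO_IPV4 }, { "physdev", NFPROTO_IPV6 },
    { "realm", NFPROTO_IPV4 },
};

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* A registration serves a rule if it is for the rule's own family or for
 * the family-independent list, which the lookup falls back to. */
static int match_available(const struct match_reg *tbl, size_t n,
                           int family, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(tbl[i].name, name) == 0 &&
            (tbl[i].family == family || tbl[i].family == NFPROTO_UNSPEC))
            return 1;
    return 0;
}

int before_allows(int f, const char *m) { return match_available(before, COUNT(before), f, m); }
int after_allows(int f, const char *m)  { return match_available(after, COUNT(after), f, m); }

int main(void)
{
    printf("arp/owner   before=%d after=%d\n", before_allows(NFPROTO_ARP, "owner"), after_allows(NFPROTO_ARP, "owner"));
    printf("ipv6/realm  before=%d after=%d\n", before_allows(NFPROTO_IPV6, "realm"), after_allows(NFPROTO_IPV6, "realm"));
    printf("ipv4/realm  before=%d after=%d\n", before_allows(NFPROTO_IPV4, "realm"), after_allows(NFPROTO_IPV4, "realm"));
    return 0;
}
```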


How to mitigate CVE-2026-53001

Install the security update from the vendor's repository.
