NULL pointer dereference in Linux kernel - CVE-2026-53220
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in ebt_redirect_tg() in net/bridge/netfilter/ebt_redirect.c when reinjecting an NFQUEUE packet after bridge port state changes. A local user can remove or reassign the bridge port before reinjection to cause a denial of service.
The issue occurs when the bridge port is removed between the original hook invocation and NFQUEUE reinjection. In that window the device may also have been moved to a different virtual device such as macvlan.
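The race described above, as an added user-space model (not kernel code and not the upstream fix): the unchecked form trusts state captured when the packet was queued, while the checked form re-validates the port at reinjection and drops the packet if the port is gone or reassigned. All type, field and function names are hypothetical, and the device states are constructed.

```c
#include <stdio.h>
#include <string.h>
/* User-space model only: every type and function name here is hypothetical. */
enum verdict { V_DROP, V_CONTINUE };
enum owner { OWNER_NONE, OWNER_BRIDGE, OWNER_MACVLAN };
struct bridge { unsigned char addr[6]; };
struct bridge_port { struct bridge *br; };
struct net_dev {
    enum owner owner;      /* which upper device currently owns the slot below */
    void *rx_handler_data; /* a bridge_port only while owner == OWNER_BRIDGE */
};

/* Unchecked form: trusts queue-time state, so it faults once the port is removed. */
enum verdict redirect_unchecked(const struct net_dev *in, unsigned char *dest)
{
    const struct bridge_port *p = in->rx_handler_data; /* NULL after removal */
    memcpy(dest, p->br->addr, 6);
    return V_CONTINUE;
}

/* Checked form: re-validate the port at the moment of reinjection. */
enum verdict redirect_checked(const struct net_dev *in, unsigned char *dest)
{
    const struct bridge_port *p =
        in->owner == OWNER_BRIDGE ? in->rx_handler_data : NULL;
    if (p == NULL || p->br == NULL)
        return V_DROP; /* port gone or reassigned: drop, do not dereference */
    memcpy(dest, p->br->addr, 6);
    return V_CONTINUE;
}

/* Constructed scenario: the input device as it looks at reinjection time. */
enum verdict verdict_at_reinjection(enum owner now)
{
    static struct bridge br = { { 0x02, 0, 0, 0, 0, 0x01 } };
    static struct bridge_port port = { &br };
    static int other_private; /* stands in for another owner's private data */
    unsigned char dest[6] = { 0 };
    struct net_dev dev = { now, now == OWNER_BRIDGE ? (void *)&port :
                                now == OWNER_MACVLAN ? (void *)&other_private : NULL };
    return redirect_checked(&dev, dest);
}

int main(void)
{
    printf("%d %d %d\n", verdict_at_reinjection(OWNER_BRIDGE),
           verdict_at_reinjection(OWNER_NONE), verdict_at_reinjection(OWNER_MACVLAN));
    return 0;
}
```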