{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-52920", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.367Z", "datePublished": "2026-06-24T07:14:15.866Z", "dateUpdated": "2026-06-24T07:14:15.866Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T07:14:15.866Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_policy: fix strict mode inbound policy matching\n\nmatch_policy_in() walks sec_path entries from the last transform to the\nfirst one, but strict policy matching needs to consume info->pol[] in\nthe same forward order as the rule layout.\n\nDerive the strict-match policy position from the number of transforms\nalready consumed so that multi-element inbound rules are matched\nconsistently."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/xt_policy.c"], "versions": [{"version": "c4b885139203d37f76662c37ae645fe8e0f4e4e5", "lessThan": "eb323f7b82d2e2f638de0cc2a177803eb20e0707", "status": "affected", "versionType": "git"}, {"version": "c4b885139203d37f76662c37ae645fe8e0f4e4e5", "lessThan": "fc1c518bb1f054831ecabb32da9b8e1dff9699c6", "status": "affected", "versionType": "git"}, {"version": "c4b885139203d37f76662c37ae645fe8e0f4e4e5", "lessThan": "f98b7f85e04b40e28b08c461ded0cc79f14f5509", "status": "affected", "versionType": "git"}, {"version": "c4b885139203d37f76662c37ae645fe8e0f4e4e5", "lessThan": "82664d0f1ba25e4f9a71994954abae24c60f4067", "status": "affected", "versionType": "git"}, {"version": "c4b885139203d37f76662c37ae645fe8e0f4e4e5", "lessThan": "b130a6eefa02bd4d475f2f059da8bcfb3e7d18d9", "status": "affected", "versionType": "git"}, {"version": "c4b885139203d37f76662c37ae645fe8e0f4e4e5", "lessThan": "938867e870fb5471bb16f442aeac81326e05bf65", "status": "affected", "versionType": "git"}, {"version": "c4b885139203d37f76662c37ae645fe8e0f4e4e5", "lessThan": "392cc1d8408b5665215c1e9290bbf0f92339b043", "status": "affected", "versionType": "git"}, {"version": "c4b885139203d37f76662c37ae645fe8e0f4e4e5", "lessThan": "4b2b4d7d4e203c92db8966b163edfacb1f0e1e29", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/xt_policy.c"], "versions": [{"version": "2.6.17", "status": "affected"}, {"version": "0", "lessThan": "2.6.17", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.258", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.209", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.141", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.91", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.17", "versionEndExcluding": "5.10.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.17", "versionEndExcluding": "5.15.209"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.17", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.17", "versionEndExcluding": "6.6.141"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.17", "versionEndExcluding": "6.12.91"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.17", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.17", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.17", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/eb323f7b82d2e2f638de0cc2a177803eb20e0707"}, {"url": "https://git.kernel.org/stable/c/fc1c518bb1f054831ecabb32da9b8e1dff9699c6"}, {"url": "https://git.kernel.org/stable/c/f98b7f85e04b40e28b08c461ded0cc79f14f5509"}, {"url": "https://git.kernel.org/stable/c/82664d0f1ba25e4f9a71994954abae24c60f4067"}, {"url": "https://git.kernel.org/stable/c/b130a6eefa02bd4d475f2f059da8bcfb3e7d18d9"}, {"url": "https://git.kernel.org/stable/c/938867e870fb5471bb16f442aeac81326e05bf65"}, {"url": "https://git.kernel.org/stable/c/392cc1d8408b5665215c1e9290bbf0f92339b043"}, {"url": "https://git.kernel.org/stable/c/4b2b4d7d4e203c92db8966b163edfacb1f0e1e29"}], "title": "netfilter: xt_policy: fix strict mode inbound policy matching", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: netfilter: xt_policy: fix strict mode inbound policy matching", "id": "2492112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492112"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-551", "details": ["A flaw was found in the Linux kernel's netfilter component, which is responsible for network packet filtering. This vulnerability, located in the `xt_policy` module, involves an error in how strict inbound network policies are matched. This could allow an attacker to bypass established security rules, potentially leading to unauthorized network access or unintended exposure of services. The flaw could compromise the effectiveness of network traffic control."], "name": "CVE-2026-52920", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-52920\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-52920\nhttps://lore.kernel.org/linux-cve-announce/2026062430-CVE-2026-52920-22f8@gregkh/T"], "threat_severity": "Moderate"}