{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-52921", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.367Z", "datePublished": "2026-06-24T07:14:16.533Z", "dateUpdated": "2026-06-24T07:14:16.533Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T07:14:16.533Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: stop hash:* range iteration at end\n\nThe following hash set variants:\n\nhash:ip,mark\nhash:ip,port\nhash:ip,port,ip\nhash:ip,port,net\n\niterate IPv4 ranges with a 32-bit iterator.\n\nThe iterator must stop once the last address in the requested range has\nbeen processed. Advancing it once more can move the traversal state past\nthe end of the request, so a later retry may continue from an unintended\nposition.\n\nHandle the iterator increment explicitly at the end of the loop and stop\nonce the upper bound has been processed. This keeps the existing retry\nbehaviour intact for valid ranges while preventing traversal from\ncontinuing past the original boundary."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/ipset/ip_set_hash_ipmark.c", "net/netfilter/ipset/ip_set_hash_ipport.c", "net/netfilter/ipset/ip_set_hash_ipportip.c", "net/netfilter/ipset/ip_set_hash_ipportnet.c"], "versions": [{"version": "48596a8ddc46f96afb6a2cd72787cb15d6bb01fc", "lessThan": "be75218fadea22e59c8673db212f29c681bf45bb", "status": "affected", "versionType": "git"}, {"version": "48596a8ddc46f96afb6a2cd72787cb15d6bb01fc", "lessThan": "383418c20e69f5761b6ec5238f599423f4fb77fb", "status": "affected", "versionType": "git"}, {"version": "48596a8ddc46f96afb6a2cd72787cb15d6bb01fc", "lessThan": "0d7b33ace701fe397e6e4de145f32e098178d901", "status": "affected", "versionType": "git"}, {"version": "48596a8ddc46f96afb6a2cd72787cb15d6bb01fc", "lessThan": "c281e018af98df91827d65bec00f4956c00a1b02", "status": "affected", "versionType": "git"}, {"version": "48596a8ddc46f96afb6a2cd72787cb15d6bb01fc", "lessThan": "02f75f041a93ea045834da89cd3234f4c1d749b4", "status": "affected", "versionType": "git"}, {"version": "48596a8ddc46f96afb6a2cd72787cb15d6bb01fc", "lessThan": "952e988163c2ab9939c3db9f0f8e77af6a1bb436", "status": "affected", "versionType": "git"}, {"version": "48596a8ddc46f96afb6a2cd72787cb15d6bb01fc", "lessThan": "0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc", "status": "affected", "versionType": "git"}, {"version": "48596a8ddc46f96afb6a2cd72787cb15d6bb01fc", "lessThan": "0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/ipset/ip_set_hash_ipmark.c", "net/netfilter/ipset/ip_set_hash_ipport.c", "net/netfilter/ipset/ip_set_hash_ipportip.c", "net/netfilter/ipset/ip_set_hash_ipportnet.c"], "versions": [{"version": "4.14", "status": "affected"}, {"version": "0", "lessThan": "4.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.258", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.209", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.175", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.142", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.92", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.34", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.11", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.10.258"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.15.209"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.1.175"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.6.142"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.12.92"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.18.34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "7.0.11"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/be75218fadea22e59c8673db212f29c681bf45bb"}, {"url": "https://git.kernel.org/stable/c/383418c20e69f5761b6ec5238f599423f4fb77fb"}, {"url": "https://git.kernel.org/stable/c/0d7b33ace701fe397e6e4de145f32e098178d901"}, {"url": "https://git.kernel.org/stable/c/c281e018af98df91827d65bec00f4956c00a1b02"}, {"url": "https://git.kernel.org/stable/c/02f75f041a93ea045834da89cd3234f4c1d749b4"}, {"url": "https://git.kernel.org/stable/c/952e988163c2ab9939c3db9f0f8e77af6a1bb436"}, {"url": "https://git.kernel.org/stable/c/0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc"}, {"url": "https://git.kernel.org/stable/c/0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6"}], "title": "netfilter: ipset: stop hash:* range iteration at end", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: netfilter: ipset: stop hash:* range iteration at end", "id": "2492111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492111"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-193", "details": ["A flaw was found in the Linux kernel's netfilter ipset component. Specifically, certain hash set variants (such as hash:ip,mark and hash:ip,port) that iterate IPv4 ranges with a 32-bit iterator do not correctly stop at the end of the requested range. This can cause the iteration to advance beyond the intended boundary, potentially leading to a later retry continuing from an unintended position. This issue could result in incorrect processing of network rules or unexpected system behavior."], "name": "CVE-2026-52921", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-52921\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-52921\nhttps://lore.kernel.org/linux-cve-announce/2026062430-CVE-2026-52921-0628@gregkh/T"], "threat_severity": "Low"}