{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53269", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.395Z", "datePublished": "2026-06-25T08:39:55.172Z", "dateUpdated": "2026-06-25T08:39:55.172Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-25T08:39:55.172Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: synproxy: add mutex to guard hook reference counting\n\nAs the synproxy infrastructure register netfilter hooks on-demand when a\nuser adds the first iptables target or nftables expression, if done\nconcurrently they can race each other.\n\nIntroduce a mutex to serialize the refcount control blocks access from\nboth frontends. While a per namespace mutex might be more efficient, it\nis not needed for target/expression like SYNPROXY."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_synproxy_core.c"], "versions": [{"version": "ad49d86e07a497e834cb06f2b151dccd75f8e148", "lessThan": "0ec9ddc1bda261a2c57636c74c8b4e53000102c9", "status": "affected", "versionType": "git"}, {"version": "ad49d86e07a497e834cb06f2b151dccd75f8e148", "lessThan": "56ffbe3a08c01dcdb0d6adee9ce1e535bfb3b389", "status": "affected", "versionType": "git"}, {"version": "ad49d86e07a497e834cb06f2b151dccd75f8e148", "lessThan": "debc57b83d5b323df74bf010c8d50fe26ad2ed6b", "status": "affected", "versionType": "git"}, {"version": "ad49d86e07a497e834cb06f2b151dccd75f8e148", "lessThan": "0f8ba5e4c53d2e4a536aa68140beda9fe59b2f88", "status": "affected", "versionType": "git"}, {"version": "ad49d86e07a497e834cb06f2b151dccd75f8e148", "lessThan": "640441348258220e78daed40528b85b8afcedab6", "status": "affected", "versionType": "git"}, {"version": "ad49d86e07a497e834cb06f2b151dccd75f8e148", "lessThan": "aaf80701dc2f7a48fe543961e21f8ca3924d587c", "status": "affected", "versionType": "git"}, {"version": "ad49d86e07a497e834cb06f2b151dccd75f8e148", "lessThan": "fbf0591275f50eae5733c3d7a8cd6c1e79933ffa", "status": "affected", "versionType": "git"}, {"version": "ad49d86e07a497e834cb06f2b151dccd75f8e148", "lessThan": "2fcba19caaeb2a33017459d3430f057967bb91b6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_synproxy_core.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.259", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.210", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.176", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.143", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.94", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.10.259"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "5.15.210"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.1.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.6.143"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.12.94"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0ec9ddc1bda261a2c57636c74c8b4e53000102c9"}, {"url": "https://git.kernel.org/stable/c/56ffbe3a08c01dcdb0d6adee9ce1e535bfb3b389"}, {"url": "https://git.kernel.org/stable/c/debc57b83d5b323df74bf010c8d50fe26ad2ed6b"}, {"url": "https://git.kernel.org/stable/c/0f8ba5e4c53d2e4a536aa68140beda9fe59b2f88"}, {"url": "https://git.kernel.org/stable/c/640441348258220e78daed40528b85b8afcedab6"}, {"url": "https://git.kernel.org/stable/c/aaf80701dc2f7a48fe543961e21f8ca3924d587c"}, {"url": "https://git.kernel.org/stable/c/fbf0591275f50eae5733c3d7a8cd6c1e79933ffa"}, {"url": "https://git.kernel.org/stable/c/2fcba19caaeb2a33017459d3430f057967bb91b6"}], "title": "netfilter: synproxy: add mutex to guard hook reference counting", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: netfilter: synproxy: add mutex to guard hook reference counting", "id": "2492718", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492718"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-820", "details": ["A flaw was found in the Linux kernel's netfilter synproxy component. This vulnerability is caused by a race condition during the on-demand registration of netfilter hooks. A local user with privileges to modify netfilter rules could exploit this flaw by concurrently adding iptables targets or nftables expressions. This could lead to unexpected behavior or system instability, potentially resulting in a denial of service (DoS)."], "name": "CVE-2026-53269", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53269\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53269\nhttps://lore.kernel.org/linux-cve-announce/2026062518-CVE-2026-53269-bb6e@gregkh/T"], "threat_severity": "Moderate"}