{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45897", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.083Z", "datePublished": "2026-05-27T12:17:07.038Z", "dateUpdated": "2026-05-27T12:17:07.038Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:17:07.038Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_counter: serialize reset with spinlock\n\nAdd a global static spinlock to serialize counter fetch+reset\noperations, preventing concurrent dump-and-reset from underrunning\nvalues.\n\nThe lock is taken before fetching the total so that two parallel\nresets cannot both read the same counter values and then both\nsubtract them.\n\nA global lock is used for simplicity since resets are infrequent.\nIf this becomes a bottleneck, it can be replaced with a per-net\nlock later."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nft_counter.c"], "versions": [{"version": "3cb03edb4de33fd04c4ea55f47397b96a8657c53", "lessThan": "0cdc6d5a26f2d1f7f15a43526841b679445c32e2", "status": "affected", "versionType": "git"}, {"version": "3cb03edb4de33fd04c4ea55f47397b96a8657c53", "lessThan": "779c60a5190c42689534172f4b49e927c9959e4e", "status": "affected", "versionType": "git"}, {"version": "fb1adb05ea87b6149e65a31e511756c4f470d0cd", "status": "affected", "versionType": "git"}, {"version": "f123293db16dcd0cd81b246ae60e6362f0025d0a", "status": "affected", "versionType": "git"}, {"version": "6.1.107", "lessThan": "6.2", "status": "affected", "versionType": "semver"}, {"version": "6.6.48", "lessThan": "6.7", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nft_counter.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.4", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.107"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.48"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2"}, {"url": "https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e"}], "title": "netfilter: nft_counter: serialize reset with spinlock", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_counter: serialize reset with spinlock\n\nAdd a global static spinlock to serialize counter fetch+reset\noperations, preventing concurrent dump-and-reset from underrunning\nvalues.\n\nThe lock is taken before fetching the total so that two parallel\nresets cannot both read the same counter values and then both\nsubtract them.\n\nA global lock is used for simplicity since resets are infrequent.\nIf this becomes a bottleneck, it can be replaced with a per-net\nlock later."}], "id": "CVE-2026-45897", "lastModified": "2026-05-27T14:48:31.480", "metrics": {}, "published": "2026-05-27T14:17:03.977", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: netfilter: nft_counter: serialize reset with spinlock", "id": "2482046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482046"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-820", "details": ["A flaw was found in the Linux kernel's netfilter component, specifically in how network counters are handled. This vulnerability allows for a race condition during simultaneous operations to read and reset these counters. As a result, counter values could be incorrectly reduced, leading to inaccurate system metrics and potential integrity issues."], "name": "CVE-2026-45897", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-45897\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-45897\nhttps://lore.kernel.org/linux-cve-announce/2026052719-CVE-2026-45897-233a@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[3cb03edb4de33fd04c4ea55f47397b96a8657c53,0cdc6d5a26f2d1f7f15a43526841b679445c32e2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[3cb03edb4de33fd04c4ea55f47397b96a8657c53,779c60a5190c42689534172f4b49e927c9959e4e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "fb1adb05ea87b6149e65a31e511756c4f470d0cd"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "f123293db16dcd0cd81b246ae60e6362f0025d0a"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.1.107,6.2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.6.48,6.7)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.7"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.7)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.4,6.19.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-27T16:00:08.702585+00:00", "updated": "2026-05-28T16:15:04.189462+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}