CVE-2026-45873 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets

Userspace provides an optimized representation in case intervals are
adjacent, where the end element is omitted.

The existing partial overlap detection logic skips anonymous set checks
on start elements for this reason.

However, it is possible to add intervals that overlap to this anonymous
where two start elements with the same, eg. A-B, A-C where C < B.

start end
A B
start end
A C

Restore the check on overlapping start elements to report an overlap.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4aacf3d78424293e318c616016865380b37b9cc5`	affected	< 7ca5813e1b21ef300e04593f47b073ef3217aac6
`2bf1435fa19d2c58054391b3bba40d5510a5758c`	affected	< 029e5f6a95e905b12d6bc20421be32a01e0eb311
`318cb24a4c3fce8140afaf84e4d45fcb76fb280b`	affected	< f1381ce0a1dd013610985e1c4260908163a427df
`c9e6978e2725a7d4b6cd23b2facd3f11422c0643`	affected	< f1535d56fc3f6c625b7e0559c006bd0318791bb1
`c9e6978e2725a7d4b6cd23b2facd3f11422c0643`	affected	< 05feaf826390fd16f1deb89dd9412def3b2a280f
`c9e6978e2725a7d4b6cd23b2facd3f11422c0643`	affected	< dad14d22dff1a191612acb98facceb303d0524a2
`c9e6978e2725a7d4b6cd23b2facd3f11422c0643`	affected	< e6497e06a102870803a59570d75ed2c36d7e11b3
`c9e6978e2725a7d4b6cd23b2facd3f11422c0643`	affected	< 4780ec142cbb24b794129d3080eee5cac2943ffc
`7ab87a326f20c52ff4d9972052d085be951c704b`	affected	—
`181859bdfb9734aca449512fccaee4cacce64aed`	affected	—
`5.10.166`	affected	< 5.10.252
`5.15.91`	affected	< 5.15.202
`6.1.9`	affected	< 6.1.165
`4.19.316`	affected	< 4.20
`5.4.262`	affected	< 5.5

Linux

affected

Version	Status	Constraints
`6.2`	affected	—
`0`	unaffected	< 6.2
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/029e5f6a95e905b12d6bc20421be32a01e0eb311
https://git.kernel.org/stable/c/05feaf826390fd16f1deb89dd9412def3b2a280f
https://git.kernel.org/stable/c/4780ec142cbb24b794129d3080eee5cac2943ffc
https://git.kernel.org/stable/c/7ca5813e1b21ef300e04593f47b073ef3217aac6
https://git.kernel.org/stable/c/dad14d22dff1a191612acb98facceb303d0524a2
https://git.kernel.org/stable/c/e6497e06a102870803a59570d75ed2c36d7e11b3
https://git.kernel.org/stable/c/f1381ce0a1dd013610985e1c4260908163a427df
https://git.kernel.org/stable/c/f1535d56fc3f6c625b7e0559c006bd0318791bb1

History

Wed, 27 May 2026 22:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case intervals are adjacent, where the end element is omitted. The existing partial overlap detection logic skips anonymous set checks on start elements for this reason. However, it is possible to add intervals that overlap to this anonymous where two start elements with the same, eg. A-B, A-C where C < B. start end A B start end A C Restore the check on overlapping start elements to report an overlap.
Title		netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/029e5f6a95e905b12d6bc20421be32a01e0eb311 https://git.kernel.org/stable/c/05feaf826390fd16f1deb89dd9412def3b2a280f https://git.kernel.org/stable/c/4780ec142cbb24b794129d3080eee5cac2943ffc https://git.kernel.org/stable/c/7ca5813e1b21ef300e04593f47b073ef3217aac6 https://git.kernel.org/stable/c/dad14d22dff1a191612acb98facceb303d0524a2 https://git.kernel.org/stable/c/e6497e06a102870803a59570d75ed2c36d7e11b3 https://git.kernel.org/stable/c/f1381ce0a1dd013610985e1c4260908163a427df https://git.kernel.org/stable/c/f1535d56fc3f6c625b7e0559c006bd0318791bb1

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:15:52.916Z

Updated: 2026-05-27T12:15:52.916Z

Reserved: 2026-05-13T15:03:33.081Z

Link: CVE-2026-45873

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:00.780

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45873

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T21:45:43Z

Weaknesses

No weakness.

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object