{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45897", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.083Z", "datePublished": "2026-05-27T12:17:07.038Z", "dateUpdated": "2026-05-27T12:17:07.038Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:17:07.038Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_counter: serialize reset with spinlock\n\nAdd a global static spinlock to serialize counter fetch+reset\noperations, preventing concurrent dump-and-reset from underrunning\nvalues.\n\nThe lock is taken before fetching the total so that two parallel\nresets cannot both read the same counter values and then both\nsubtract them.\n\nA global lock is used for simplicity since resets are infrequent.\nIf this becomes a bottleneck, it can be replaced with a per-net\nlock later."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nft_counter.c"], "versions": [{"version": "3cb03edb4de33fd04c4ea55f47397b96a8657c53", "lessThan": "0cdc6d5a26f2d1f7f15a43526841b679445c32e2", "status": "affected", "versionType": "git"}, {"version": "3cb03edb4de33fd04c4ea55f47397b96a8657c53", "lessThan": "779c60a5190c42689534172f4b49e927c9959e4e", "status": "affected", "versionType": "git"}, {"version": "fb1adb05ea87b6149e65a31e511756c4f470d0cd", "status": "affected", "versionType": "git"}, {"version": "f123293db16dcd0cd81b246ae60e6362f0025d0a", "status": "affected", "versionType": "git"}, {"version": "6.1.107", "lessThan": "6.2", "status": "affected", "versionType": "semver"}, {"version": "6.6.48", "lessThan": "6.7", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nft_counter.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.4", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.107"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.48"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2"}, {"url": "https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e"}], "title": "netfilter: nft_counter: serialize reset with spinlock", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_counter: serialize reset with spinlock\n\nAdd a global static spinlock to serialize counter fetch+reset\noperations, preventing concurrent dump-and-reset from underrunning\nvalues.\n\nThe lock is taken before fetching the total so that two parallel\nresets cannot both read the same counter values and then both\nsubtract them.\n\nA global lock is used for simplicity since resets are infrequent.\nIf this becomes a bottleneck, it can be replaced with a per-net\nlock later."}], "id": "CVE-2026-45897", "lastModified": "2026-05-27T14:48:31.480", "metrics": {}, "published": "2026-05-27T14:17:03.977", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{"created": "2026-05-27T16:00:08.702585+00:00", "updated": "2026-05-27T16:00:08.702603+00:00", "vendors": [], "weaknesses": ["CWE-362"]}