CVE-2026-45897

Published: Mag 27, 2026 Last Modified: Mag 27, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_counter: serialize reset with spinlock

Add a global static spinlock to serialize counter fetch+reset
operations, preventing concurrent dump-and-reset from underrunning
values.

The lock is taken before fetching the total so that two parallel
resets cannot both read the same counter values and then both
subtract them.

A global lock is used for simplicity since resets are infrequent.
If this becomes a bottleneck, it can be replaced with a per-net
lock later.

https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a4352684…
https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2
https://git.kernel.org/stable/c/779c60a5190c42689534172f4b4…
https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e