CVE Catalog

CVE-2026-53269

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

A race condition was found in the Linux kernel's synproxy mechanism when registering netfilter hooks concurrently from iptables or nftables. Lack of synchronization may lead to incorrect reference counting and potential system instability.

Risk Assessment

The organization risks system instability or network disruptions if multiple administrators or automated tools manage SYNPROXY rules simultaneously.

Recommendation

Immediately update the Linux kernel to a version that includes the fix introducing a mutex to serialize access to the synproxy hook reference counter.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can race each other. Introduce a mutex to serialize the refcount control blocks access from both frontends. While a per namespace mutex might be more efficient, it is not needed for target/expression like SYNPROXY.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS