CVE-2026-53218

Source
https://cve.org/CVERecord?id=CVE-2026-53218
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53218.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53218
Downstream
Related
Published
2026-06-25T08:39:21.069Z
Modified
2026-07-08T08:09:46.762203295Z
Summary
netfilter: nft_exthdr: fix register tracking for F_PRESENT flag
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftexthdr: fix register tracking for FPRESENT flag

nftexthdrinit() passes user-controlled priv->len to nftparseregisterstore(), which marks that many bytes in the register bitmap as initialized. However, when NFTEXTHDRFPRESENT is set, the eval paths write only 1 byte (nftregstore8) or 4 bytes (*dest = 0 on TCP/DCCP error path). When len > 4, registers beyond the first are never written, retaining uninitialized stack data from nft_regs.

Bail out if userspace requests too much data when F_PRESENT is set.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53218.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c078ca3b0c5bf82c2b31906c446d6e2ad8ea0783
Fixed
8738b1b6d0e639ca1fc0f61516afd3557ac4ecc6
Fixed
19748967d59c31d24d21d40b728570788310b237
Fixed
46fc15a044e9938e7ea77786fb37edd2cd74f031
Fixed
cd513e43b4b2bd1de39e2367bc4261c699a8652f
Fixed
67b27434c43b68a97becda98c9f0c8cf6cba2134
Fixed
78069a6d8bc86c9e036eb82c2af4a19cc1871a53
Fixed
f08fb3d42fd3aad0b7a263da3ac3ebaf0845e265
Fixed
772cecf198da732faebb5dcfc46d66a505be8495

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53218.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.11.0
Fixed
5.10.259
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.210
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53218.json"