In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftexthdr: fix register tracking for FPRESENT flag
nftexthdrinit() passes user-controlled priv->len to nftparseregisterstore(), which marks that many bytes in the register bitmap as initialized. However, when NFTEXTHDRFPRESENT is set, the eval paths write only 1 byte (nftregstore8) or 4 bytes (*dest = 0 on TCP/DCCP error path). When len > 4, registers beyond the first are never written, retaining uninitialized stack data from nft_regs.
Bail out if userspace requests too much data when F_PRESENT is set.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53218.json",
"cna_assigner": "Linux"
}