CVE-2026-52921 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash:* range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last address in the requested range has been processed. Advancing it once more can move the traversal state past the end of the request, so a later retry may continue from an unintended position. Handle the iterator increment explicitly at the end of the loop and stop once the upper bound has been processed. This keeps the existing retry behaviour intact for valid ranges while preventing traversal from continuing past the original boundary.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/02f75f041a93ea045834da89cd3234f4c1d749b4
https://git.kernel.org/stable/c/0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc
https://git.kernel.org/stable/c/0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6
https://git.kernel.org/stable/c/0d7b33ace701fe397e6e4de145f32e098178d901
https://git.kernel.org/stable/c/383418c20e69f5761b6ec5238f599423f4fb77fb
https://git.kernel.org/stable/c/952e988163c2ab9939c3db9f0f8e77af6a1bb436
https://git.kernel.org/stable/c/be75218fadea22e59c8673db212f29c681bf45bb
https://git.kernel.org/stable/c/c281e018af98df91827d65bec00f4956c00a1b02

History

Wed, 24 Jun 2026 07:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash:* range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last address in the requested range has been processed. Advancing it once more can move the traversal state past the end of the request, so a later retry may continue from an unintended position. Handle the iterator increment explicitly at the end of the loop and stop once the upper bound has been processed. This keeps the existing retry behaviour intact for valid ranges while preventing traversal from continuing past the original boundary.
Title		netfilter: ipset: stop hash:* range iteration at end
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/02f75f041a93ea045834da89cd3234f4c1d749b4 https://git.kernel.org/stable/c/0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc https://git.kernel.org/stable/c/0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6 https://git.kernel.org/stable/c/0d7b33ace701fe397e6e4de145f32e098178d901 https://git.kernel.org/stable/c/383418c20e69f5761b6ec5238f599423f4fb77fb https://git.kernel.org/stable/c/952e988163c2ab9939c3db9f0f8e77af6a1bb436 https://git.kernel.org/stable/c/be75218fadea22e59c8673db212f29c681bf45bb https://git.kernel.org/stable/c/c281e018af98df91827d65bec00f4956c00a1b02

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T07:14:16.533Z

Updated: 2026-06-24T07:14:16.533Z

Reserved: 2026-06-09T07:44:35.367Z

Link: CVE-2026-52921

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object