{"api_version":"1","generated_at":"2026-06-02T17:31:24+00:00","cve":"CVE-2026-45897","urls":{"html":"https://cve.report/CVE-2026-45897","api":"https://cve.report/api/cve/CVE-2026-45897.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-45897","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-45897"},"summary":{"title":"netfilter: nft_counter: serialize reset with spinlock","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_counter: serialize reset with spinlock\n\nAdd a global static spinlock to serialize counter fetch+reset\noperations, preventing concurrent dump-and-reset from underrunning\nvalues.\n\nThe lock is taken before fetching the total so that two parallel\nresets cannot both read the same counter values and then both\nsubtract them.\n\nA global lock is used for simplicity since resets are infrequent.\nIf this becomes a bottleneck, it can be replaced with a per-net\nlock later.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-27 14:17:03","updated_at":"2026-05-27 14:48:31"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2","name":"https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e","name":"https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-45897","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45897","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3cb03edb4de33fd04c4ea55f47397b96a8657c53 0cdc6d5a26f2d1f7f15a43526841b679445c32e2 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3cb03edb4de33fd04c4ea55f47397b96a8657c53 779c60a5190c42689534172f4b49e927c9959e4e git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected fb1adb05ea87b6149e65a31e511756c4f470d0cd git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected f123293db16dcd0cd81b246ae60e6362f0025d0a git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.1.107 6.2 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.6.48 6.7 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 6.7","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.7 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.4 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"45897","cve":"CVE-2026-45897","epss":"0.000180000","percentile":"0.052520000","score_date":"2026-06-01","updated_at":"2026-06-02 00:05:21"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["net/netfilter/nft_counter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"0cdc6d5a26f2d1f7f15a43526841b679445c32e2","status":"affected","version":"3cb03edb4de33fd04c4ea55f47397b96a8657c53","versionType":"git"},{"lessThan":"779c60a5190c42689534172f4b49e927c9959e4e","status":"affected","version":"3cb03edb4de33fd04c4ea55f47397b96a8657c53","versionType":"git"},{"status":"affected","version":"fb1adb05ea87b6149e65a31e511756c4f470d0cd","versionType":"git"},{"status":"affected","version":"f123293db16dcd0cd81b246ae60e6362f0025d0a","versionType":"git"},{"lessThan":"6.2","status":"affected","version":"6.1.107","versionType":"semver"},{"lessThan":"6.7","status":"affected","version":"6.6.48","versionType":"semver"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["net/netfilter/nft_counter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"6.7"},{"lessThan":"6.7","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.4","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.4","versionStartIncluding":"6.7","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"6.7","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.107","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.48","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_counter: serialize reset with spinlock\n\nAdd a global static spinlock to serialize counter fetch+reset\noperations, preventing concurrent dump-and-reset from underrunning\nvalues.\n\nThe lock is taken before fetching the total so that two parallel\nresets cannot both read the same counter values and then both\nsubtract them.\n\nA global lock is used for simplicity since resets are infrequent.\nIf this becomes a bottleneck, it can be replaced with a per-net\nlock later."}],"providerMetadata":{"dateUpdated":"2026-05-27T12:17:07.038Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/0cdc6d5a26f2d1f7f15a43526841b679445c32e2"},{"url":"https://git.kernel.org/stable/c/779c60a5190c42689534172f4b49e927c9959e4e"}],"title":"netfilter: nft_counter: serialize reset with spinlock","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-45897","datePublished":"2026-05-27T12:17:07.038Z","dateReserved":"2026-05-13T15:03:33.083Z","dateUpdated":"2026-05-27T12:17:07.038Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-27 14:17:03","lastModifiedDate":"2026-05-27 14:48:31","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"45897","Ordinal":"1","Title":"netfilter: nft_counter: serialize reset with spinlock","CVE":"CVE-2026-45897","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"45897","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_counter: serialize reset with spinlock\n\nAdd a global static spinlock to serialize counter fetch+reset\noperations, preventing concurrent dump-and-reset from underrunning\nvalues.\n\nThe lock is taken before fetching the total so that two parallel\nresets cannot both read the same counter values and then both\nsubtract them.\n\nA global lock is used for simplicity since resets are infrequent.\nIf this becomes a bottleneck, it can be replaced with a per-net\nlock later.","Type":"Description","Title":"netfilter: nft_counter: serialize reset with spinlock"}]}}}