CVE-2026-53269 - Vulnerability Details

- netfilter: synproxy: add mutex to guard hook reference counting

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: synproxy: add mutex to guard hook reference counting

As the synproxy infrastructure register netfilter hooks on-demand when a
user adds the first iptables target or nftables expression, if done
concurrently they can race each other.

Introduce a mutex to serialize the refcount control blocks access from
both frontends. While a per namespace mutex might be more efficient, it
is not needed for target/expression like SYNPROXY.

Published: 2026-06-25

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ad49d86e07a497e834cb06f2b151dccd75f8e148`	affected	< 0ec9ddc1bda261a2c57636c74c8b4e53000102c9
`ad49d86e07a497e834cb06f2b151dccd75f8e148`	affected	< 56ffbe3a08c01dcdb0d6adee9ce1e535bfb3b389
`ad49d86e07a497e834cb06f2b151dccd75f8e148`	affected	< debc57b83d5b323df74bf010c8d50fe26ad2ed6b
`ad49d86e07a497e834cb06f2b151dccd75f8e148`	affected	< 0f8ba5e4c53d2e4a536aa68140beda9fe59b2f88
`ad49d86e07a497e834cb06f2b151dccd75f8e148`	affected	< 640441348258220e78daed40528b85b8afcedab6
`ad49d86e07a497e834cb06f2b151dccd75f8e148`	affected	< aaf80701dc2f7a48fe543961e21f8ca3924d587c
`ad49d86e07a497e834cb06f2b151dccd75f8e148`	affected	< fbf0591275f50eae5733c3d7a8cd6c1e79933ffa
`ad49d86e07a497e834cb06f2b151dccd75f8e148`	affected	< 2fcba19caaeb2a33017459d3430f057967bb91b6

Linux

affected

Version	Status	Constraints
`5.3`	affected	—
`0`	unaffected	< 5.3
`5.10.259`	unaffected	≤ 5.10.*
`5.15.210`	unaffected	≤ 5.15.*
`6.1.176`	unaffected	≤ 6.1.*
`6.6.143`	unaffected	≤ 6.6.*
`6.12.94`	unaffected	≤ 6.12.*
`6.18.36`	unaffected	≤ 6.18.*
`7.0.13`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[ad49d86e07a497e834cb06f2b151dccd75f8e148,0ec9ddc1bda261a2c57636c74c8b4e53000102c9)`	affected	code_commit	—
`[ad49d86e07a497e834cb06f2b151dccd75f8e148,56ffbe3a08c01dcdb0d6adee9ce1e535bfb3b389)`	affected	code_commit	—
`[ad49d86e07a497e834cb06f2b151dccd75f8e148,debc57b83d5b323df74bf010c8d50fe26ad2ed6b)`	affected	code_commit	—
`[ad49d86e07a497e834cb06f2b151dccd75f8e148,0f8ba5e4c53d2e4a536aa68140beda9fe59b2f88)`	affected	code_commit	—
`[ad49d86e07a497e834cb06f2b151dccd75f8e148,640441348258220e78daed40528b85b8afcedab6)`	affected	code_commit	—
`[ad49d86e07a497e834cb06f2b151dccd75f8e148,aaf80701dc2f7a48fe543961e21f8ca3924d587c)`	affected	code_commit	—
`[ad49d86e07a497e834cb06f2b151dccd75f8e148,fbf0591275f50eae5733c3d7a8cd6c1e79933ffa)`	affected	code_commit	—
`[ad49d86e07a497e834cb06f2b151dccd75f8e148,2fcba19caaeb2a33017459d3430f057967bb91b6)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.3`	affected	generic	—
`[0,5.3)`	unaffected	generic	—
`[5.10.259,5.11.0)`	unaffected	semver	—
`[5.15.210,5.16.0)`	unaffected	semver	—
`[6.1.176,6.2.0)`	unaffected	semver	—
`[6.6.143,6.7.0)`	unaffected	semver	—
`[6.12.94,6.13.0)`	unaffected	semver	—
`[6.18.36,6.19.0)`	unaffected	semver	—
`[7.0.13,7.1.0)`	unaffected	semver	—
`[7.1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00172.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0ec9ddc1bda261a2c57636c74c8b4e53000102c9
https://git.kernel.org/stable/c/0f8ba5e4c53d2e4a536aa68140beda9fe59b2f88
https://git.kernel.org/stable/c/2fcba19caaeb2a33017459d3430f057967bb91b6
https://git.kernel.org/stable/c/56ffbe3a08c01dcdb0d6adee9ce1e535bfb3b389
https://git.kernel.org/stable/c/640441348258220e78daed40528b85b8afcedab6
https://git.kernel.org/stable/c/aaf80701dc2f7a48fe543961e21f8ca3924d587c
https://git.kernel.org/stable/c/debc57b83d5b323df74bf010c8d50fe26ad2ed6b
https://git.kernel.org/stable/c/fbf0591275f50eae5733c3d7a8cd6c1e79933ffa
https://lore.kernel.org/linux-cve-announce/2026062518-CVE-2026-53269-bb6e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-53269
https://www.cve.org/CVERecord?id=CVE-2026-53269

History

Fri, 26 Jun 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-820
References		https://lore.kernel.org/linux-cve-announce/2026062518-CVE-2026-53269-bb6e@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-53269 https://www.cve.org/CVERecord?id=CVE-2026-53269
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Thu, 25 Jun 2026 12:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: add mutex to guard hook reference counting As the synproxy infrastructure register netfilter hooks on-demand when a user adds the first iptables target or nftables expression, if done concurrently they can race each other. Introduce a mutex to serialize the refcount control blocks access from both frontends. While a per namespace mutex might be more efficient, it is not needed for target/expression like SYNPROXY.
Title		netfilter: synproxy: add mutex to guard hook reference counting
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0ec9ddc1bda261a2c57636c74c8b4e53000102c9 https://git.kernel.org/stable/c/0f8ba5e4c53d2e4a536aa68140beda9fe59b2f88 https://git.kernel.org/stable/c/2fcba19caaeb2a33017459d3430f057967bb91b6 https://git.kernel.org/stable/c/56ffbe3a08c01dcdb0d6adee9ce1e535bfb3b389 https://git.kernel.org/stable/c/640441348258220e78daed40528b85b8afcedab6 https://git.kernel.org/stable/c/aaf80701dc2f7a48fe543961e21f8ca3924d587c https://git.kernel.org/stable/c/debc57b83d5b323df74bf010c8d50fe26ad2ed6b https://git.kernel.org/stable/c/fbf0591275f50eae5733c3d7a8cd6c1e79933ffa

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:39:55.172Z

Updated: 2026-06-25T08:39:55.172Z

Reserved: 2026-06-09T07:44:35.395Z

Link: CVE-2026-53269

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53269 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T14:00:22Z

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object