Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase

Publish new hooks in the list into the basechain/flowtable using
splice_list_rcu() to ensure netlink dump list traversal via rcu is safe
while concurrent ruleset update is going on.
Published: 2026-06-24
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition in the nf_tables occurs during the commit phase when new hooks are linked into the hook list via splice_list_rcu(). The improper synchronization can cause the hook list to become inconsistent. When Netlink processes traverse the list, this inconsistency may cause the kernel to become unstable or terminate unexpectedly. The core weakness is a race condition that can lead to kernel crash or perceived lock corruption (CWE-821).

Affected Systems

All Linux kernel builds that include the nf_tables component are potentially affected. The advisory references the generic Linux kernel family without specifying exact version ranges; thus any kernel that contains nf_tables and does not include the patch commit that resolves the splice_list_rcu race condition is at risk.

Risk and Exploitability

The CVE-2026-52988 is 7.1, indicating high severity, while the EPSS score is less than 1%, pointing to a very low exploitation probability. The vulnerability is not listed in the CISA KEV catalog, and no public exploit is known. Based on the description, it is inferred that an attacker would need to perform concurrent ruleset updates during the nf_tables commit phase, which typically requires local privileged access. The likely attack vector is therefore local, privileged. Exploitation could lead the kernel to crash, resulting in denial of service.

Generated by OpenCVE AI on June 28, 2026 at 13:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the nf_tables splice_list_rcu patch commit
  • If a kernel upgrade is not immediately possible, limit the creation and modification of nf_tables rule sets to trusted users with elevated privileges and enable auditing of these changes
  • Monitor system logs for kernel panics, RCU stall warnings, or other indications of race conditions during netfilter operations

Generated by OpenCVE AI on June 28, 2026 at 13:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}


Fri, 26 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-821
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase Publish new hooks in the list into the basechain/flowtable using splice_list_rcu() to ensure netlink dump list traversal via rcu is safe while concurrent ruleset update is going on.
Title netfilter: nf_tables: join hook list via splice_list_rcu() in commit phase
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:37:42.094Z

Reserved: 2026-06-09T07:44:35.376Z

Link: CVE-2026-52988

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52988 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T13:45:06Z

Weaknesses
  • CWE-821

    Incorrect Synchronization