netfilter
by Linux
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-35896 | Hig | 0.46 | 7.1 | 0.00 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt") setsockopt()… | ||
| CVE-2026-53349 | mod | 0.36 | 5.5 | — | Jul 1, 2026 | kernel: netfilter: nf_conntrack: destroy stale expectfn expectations on unregister | ||
| CVE-2001-1572 | 0.00 | — | 0.03 | Dec 31, 2001 | The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets. |
- risk 0.46cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt") setsockopt()…
- risk 0.36cvss 5.5epss —
kernel: netfilter: nf_conntrack: destroy stale expectfn expectations on unregister
- CVE-2001-1572Dec 31, 2001risk 0.00cvss —epss 0.03
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.