Division by Zero Vulnerability in Linux Kernel's Netfilter Component
CVE-2026-45841

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-45841?

In the Linux kernel, a vulnerability exists within the netfilter's nfnetlink_osf module, which can lead to a critical divide-by-zero error during TCP SYN packet processing. When a user with CAP_NET_ADMIN privileges adds a fingerprint with an invalid window size value, it causes a kernel panic. An attacker could exploit this flaw by introducing a malformed fingerprint, leading to a crash of the kernel when matched TCP SYN packets are processed. The issue has been addressed by implementing necessary checks in the nf_osf_match_one() function to prevent the divide-by-zero scenario, thereby enhancing the overall stability and security of the kernel.

Affected Version(s)

Linux 11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384 < 8def8fbd23f40e945febe913d04b731012ce0082

Linux 11eeef41d5f63c7d2f7fdfcc733eb7fb137cc384

References

https://git.kernel.org/stable/c/8def8fbd23f40e945febe913d...

https://git.kernel.org/stable/c/c55940895245d8ef658ab3812...

https://git.kernel.org/stable/c/fb965b1cfe92b28d28b5ebe31...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-45841 Data

JSON