Out-of-Bounds Read Vulnerability in Linux Kernel Netfilter ebtables
CVE-2026-52927
What is CVE-2026-52927?
A vulnerability in the Linux kernel's netfilter component involves the compat_mtw_from_user() function, which improperly handles the user-supplied match_size and target_size during ebtables extension conversions. If the size requirements are not met, this may lead to out-of-bounds reads. The issue arises when kernel memory access is based on user-defined sizes, potentially allowing unauthorized memory reads. A recent fix enforces proper size validation, ensuring that match_size is at least as large as the extension requires. The fix aims to protect against unintended memory access while maintaining compatibility across standard targets.
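The validation pattern described above, as an added example that is not kernel code and not taken from the fix: a simplified user-space model in which a declared size must both fit the supplied buffer and meet the extension's requirement. The struct layouts, the extension table, its names and sizes, and the helper `demo()` are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical user-space model; names and layouts are not the kernel's. */
struct ext_hdr  { char name[16]; uint32_t size; };   /* size is user-supplied */
struct ext_type { const char *name; uint32_t required; };

/* Constructed sample table: bytes each extension's converter would read. */
static const struct ext_type ext_types[] = { { "demo_a", 8 }, { "demo_b", 24 } };

static const struct ext_type *find_ext(const char *name)
{
    for (size_t i = 0; i < sizeof(ext_types) / sizeof(ext_types[0]); i++)
        if (strcmp(name, ext_types[i].name) == 0)
            return &ext_types[i];
    return NULL;
}

/* Returns bytes consumed, or -1 if the blob must be rejected. */
static long check_ext(const unsigned char *buf, size_t len)
{
    struct ext_hdr h;
    const struct ext_type *t;

    if (len < sizeof(h))
        return -1;
    memcpy(&h, buf, sizeof(h));
    h.name[sizeof(h.name) - 1] = '\0';
    if (h.size > len - sizeof(h))   /* declared size runs past the buffer */
        return -1;
    t = find_ext(h.name);
    if (!t)
        return -1;
    if (h.size < t->required)       /* fits the buffer, but the converter */
        return -1;                  /* would read past the declared payload */
    return (long)(sizeof(h) + h.size);
}

/* Builds a constructed sample blob in a 64-byte buffer and validates it. */
static long demo(const char *name, uint32_t size, size_t buflen)
{
    unsigned char buf[64] = { 0 };
    struct ext_hdr h = { .size = size };

    strncpy(h.name, name, sizeof(h.name) - 1);
    memcpy(buf, &h, sizeof(h));
    return check_ext(buf, buflen);
}
```

The second rejection is the case the description is about: a size that passes the buffer-bounds check can still be smaller than what the extension's conversion code reads.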
Affected Version(s)
Linux 81e675c227ec60a0bdcbb547dc530ebee23ff931
Linux 81e675c227ec60a0bdcbb547dc530ebee23ff931 < 21af4c030567d2e6c89bb927bc18b51fba52a400