CVE-2026-53220

Name: CVE-2026-53220 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2026-53220

No CVSS score published · EPSS: 0.0018 (7.2 percentile)

Source data as of: 2026-06-26 05:02:17 UTC

At a glance

Severity: No CVSS score published
CVSS: No CVSS score in the NVD record
EPSS: 0.0018 (7.2 percentile) · FIRST.org
CISA KEV: No
Published: 2026-06-25 · Modified: 2026-06-25
References: Jump to references (4)

CVSS / EPSS / KEV

EPSS 0.0018 7.2 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebt_redirect_tg() dereferences br_port_get_rcu() return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A mere NULL check isn't sufficient, however. As sashiko review points out userspace can not only remove the port from the bridge, it could also place the device in a different virtual device, e.g. macvlan. If this happens, we must drop the packet, there is no way for us to reinject it into the bridge path. Switch to _upper API, we don't need the bridge port structure. Also, this fix keeps another bug intact: Both nfnetlink_log and nfnetlink_queue use CONFIG_BRIDGE_NETFILTER too aggressive, which prevents certain logging features when queueing in bridge family: NETFILTER_FAMILY_BRIDGE can be enabled while the old CONFIG_BRIDGE_NETFILTER cruft is off. Fixes tag is a common ancestor, this was always broken.

Record details

CVE ID: CVE-2026-53220
EPSS: 0.0018 (7.2 percentile) — 2026-06-26
CISA KEV: No
Affected configurations (CPE): 0
Published: 2026-06-25
Modified: 2026-06-25
Status: Received

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records