HIGH
netfilter NetdevHook Race
CVE-2026-43454
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KernelScan AI 3.0 LOW
01 Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: Fix for duplicate device in netdev hooks

When handling NETDEV_REGISTER notification, duplicate device registration must be avoided since the device may have been added by nft_netdev_hook_alloc() already when creating the hook.
02 KernelScan AI Analysis
Risk summary
A race condition in netfilter's nf_tables subsystem could lead to duplicate device registrations in netdev hooks. This affects systems where administrators manage network filtering rules and could cause networking disruption. The vulnerability requires CAP_NET_ADMIN privileges to exploit.
Vulnerability analysis
The vulnerability stems from incorrect logic in handling NETDEV_REGISTER events within netfilter's nf_tables code. The original condition incorrectly checked both changename and ops existence, allowing duplicate device registrations under certain timing conditions. The fix simplifies the logic to properly skip registration when hook operations already exist, preventing the race condition. This affects local network device management and requires administrative privileges to trigger.
03 Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 6.18 | 6.18.19 | 6d2a95c68905 |
| 6.19 | 6.19.9 | 2041cdb07804 |
| mainline | 7.0 | b7cdc5a97d02 |