{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-45873","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-13T15:03:33.081Z","datePublished":"2026-05-27T12:15:52.916Z","dateUpdated":"2026-05-27T12:15:52.916Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-27T12:15:52.916Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_rbtree: check for partial overlaps in anonymous sets\n\nUserspace provides an optimized representation in case intervals are\nadjacent, where the end element is omitted.\n\nThe existing partial overlap detection logic skips anonymous set checks\non start elements for this reason.\n\nHowever, it is possible to add intervals that overlap to this anonymous\nwhere two start elements with the same, eg. A-B, A-C where C < B.\n\n      start     end\n\tA        B\n      start  end\n        A     C\n\nRestore the check on overlapping start elements to report an overlap."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nft_set_rbtree.c"],"versions":[{"version":"4aacf3d78424293e318c616016865380b37b9cc5","lessThan":"7ca5813e1b21ef300e04593f47b073ef3217aac6","status":"affected","versionType":"git"},{"version":"2bf1435fa19d2c58054391b3bba40d5510a5758c","lessThan":"029e5f6a95e905b12d6bc20421be32a01e0eb311","status":"affected","versionType":"git"},{"version":"318cb24a4c3fce8140afaf84e4d45fcb76fb280b","lessThan":"f1381ce0a1dd013610985e1c4260908163a427df","status":"affected","versionType":"git"},{"version":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643","lessThan":"f1535d56fc3f6c625b7e0559c006bd0318791bb1","status":"affected","versionType":"git"},{"version":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643","lessThan":"05feaf826390fd16f1deb89dd9412def3b2a280f","status":"affected","versionType":"git"},{"version":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643","lessThan":"dad14d22dff1a191612acb98facceb303d0524a2","status":"affected","versionType":"git"},{"version":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643","lessThan":"e6497e06a102870803a59570d75ed2c36d7e11b3","status":"affected","versionType":"git"},{"version":"c9e6978e2725a7d4b6cd23b2facd3f11422c0643","lessThan":"4780ec142cbb24b794129d3080eee5cac2943ffc","status":"affected","versionType":"git"},{"version":"7ab87a326f20c52ff4d9972052d085be951c704b","status":"affected","versionType":"git"},{"version":"181859bdfb9734aca449512fccaee4cacce64aed","status":"affected","versionType":"git"},{"version":"5.10.166","lessThan":"5.10.252","status":"affected","versionType":"semver"},{"version":"5.15.91","lessThan":"5.15.202","status":"affected","versionType":"semver"},{"version":"6.1.9","lessThan":"6.1.165","status":"affected","versionType":"semver"},{"version":"4.19.316","lessThan":"4.20","status":"affected","versionType":"semver"},{"version":"5.4.262","lessThan":"5.5","status":"affected","versionType":"semver"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nft_set_rbtree.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.166","versionEndExcluding":"5.10.252"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.91","versionEndExcluding":"5.15.202"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.9","versionEndExcluding":"6.1.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.12.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.18.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.19.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"7.0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.316"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.262"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7ca5813e1b21ef300e04593f47b073ef3217aac6"},{"url":"https://git.kernel.org/stable/c/029e5f6a95e905b12d6bc20421be32a01e0eb311"},{"url":"https://git.kernel.org/stable/c/f1381ce0a1dd013610985e1c4260908163a427df"},{"url":"https://git.kernel.org/stable/c/f1535d56fc3f6c625b7e0559c006bd0318791bb1"},{"url":"https://git.kernel.org/stable/c/05feaf826390fd16f1deb89dd9412def3b2a280f"},{"url":"https://git.kernel.org/stable/c/dad14d22dff1a191612acb98facceb303d0524a2"},{"url":"https://git.kernel.org/stable/c/e6497e06a102870803a59570d75ed2c36d7e11b3"},{"url":"https://git.kernel.org/stable/c/4780ec142cbb24b794129d3080eee5cac2943ffc"}],"title":"netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets","x_generator":{"engine":"bippy-1.2.0"}}}}