{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-52921","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.367Z","datePublished":"2026-06-24T07:14:16.533Z","dateUpdated":"2026-06-24T07:14:16.533Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-24T07:14:16.533Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: stop hash:* range iteration at end\n\nThe following hash set variants:\n\nhash:ip,mark\nhash:ip,port\nhash:ip,port,ip\nhash:ip,port,net\n\niterate IPv4 ranges with a 32-bit iterator.\n\nThe iterator must stop once the last address in the requested range has\nbeen processed. Advancing it once more can move the traversal state past\nthe end of the request, so a later retry may continue from an unintended\nposition.\n\nHandle the iterator increment explicitly at the end of the loop and stop\nonce the upper bound has been processed. This keeps the existing retry\nbehaviour intact for valid ranges while preventing traversal from\ncontinuing past the original boundary."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/ipset/ip_set_hash_ipmark.c","net/netfilter/ipset/ip_set_hash_ipport.c","net/netfilter/ipset/ip_set_hash_ipportip.c","net/netfilter/ipset/ip_set_hash_ipportnet.c"],"versions":[{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"be75218fadea22e59c8673db212f29c681bf45bb","status":"affected","versionType":"git"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"383418c20e69f5761b6ec5238f599423f4fb77fb","status":"affected","versionType":"git"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"0d7b33ace701fe397e6e4de145f32e098178d901","status":"affected","versionType":"git"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"c281e018af98df91827d65bec00f4956c00a1b02","status":"affected","versionType":"git"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"02f75f041a93ea045834da89cd3234f4c1d749b4","status":"affected","versionType":"git"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"952e988163c2ab9939c3db9f0f8e77af6a1bb436","status":"affected","versionType":"git"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc","status":"affected","versionType":"git"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/ipset/ip_set_hash_ipmark.c","net/netfilter/ipset/ip_set_hash_ipport.c","net/netfilter/ipset/ip_set_hash_ipportip.c","net/netfilter/ipset/ip_set_hash_ipportnet.c"],"versions":[{"version":"4.14","status":"affected"},{"version":"0","lessThan":"4.14","status":"unaffected","versionType":"semver"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.10.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"5.15.209"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"6.1.175"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"6.6.142"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"6.12.92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"6.18.34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"7.0.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/be75218fadea22e59c8673db212f29c681bf45bb"},{"url":"https://git.kernel.org/stable/c/383418c20e69f5761b6ec5238f599423f4fb77fb"},{"url":"https://git.kernel.org/stable/c/0d7b33ace701fe397e6e4de145f32e098178d901"},{"url":"https://git.kernel.org/stable/c/c281e018af98df91827d65bec00f4956c00a1b02"},{"url":"https://git.kernel.org/stable/c/02f75f041a93ea045834da89cd3234f4c1d749b4"},{"url":"https://git.kernel.org/stable/c/952e988163c2ab9939c3db9f0f8e77af6a1bb436"},{"url":"https://git.kernel.org/stable/c/0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc"},{"url":"https://git.kernel.org/stable/c/0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6"}],"title":"netfilter: ipset: stop hash:* range iteration at end","x_generator":{"engine":"bippy-1.2.0"}}}}