CVE-2026-45901 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: revert commit_mutex usage in reset path It causes circular lock dependency between commit_mutex, nfnl_subsys_ipset and nlk_cb_mutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same time. Previous patches made it safe to run individual reset handlers concurrently so commit_mutex is no longer required to prevent this.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/7f261bb906bf527c4a6e2a646e2d5f3679f2a8bc
https://git.kernel.org/stable/c/ee3978b6a0dcd4215cb7cedcba705a12174786a7

History

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: revert commit_mutex usage in reset path It causes circular lock dependency between commit_mutex, nfnl_subsys_ipset and nlk_cb_mutex when nft reset, ipset list, and iptables-nft with '-m set' rule run at the same time. Previous patches made it safe to run individual reset handlers concurrently so commit_mutex is no longer required to prevent this.
Title		netfilter: nf_tables: revert commit_mutex usage in reset path
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/7f261bb906bf527c4a6e2a646e2d5f3679f2a8bc https://git.kernel.org/stable/c/ee3978b6a0dcd4215cb7cedcba705a12174786a7

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:17:09.861Z

Updated: 2026-05-27T12:17:09.861Z

Reserved: 2026-05-13T15:03:33.084Z

Link: CVE-2026-45901

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:04.483

Modified: 2026-05-27T14:48:31.480

Link: CVE-2026-45901

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-45901", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.084Z", "datePublished": "2026-05-27T12:17:09.861Z", "dateUpdated": "2026-05-27T12:17:09.861Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:17:09.861Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: revert commit_mutex usage in reset path\n\nIt causes circular lock dependency between commit_mutex, nfnl_subsys_ipset\nand nlk_cb_mutex when nft reset, ipset list, and iptables-nft with '-m set'\nrule run at the same time.\n\nPrevious patches made it safe to run individual reset handlers concurrently\nso commit_mutex is no longer required to prevent this."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "3cb03edb4de33fd04c4ea55f47397b96a8657c53", "lessThan": "ee3978b6a0dcd4215cb7cedcba705a12174786a7", "status": "affected", "versionType": "git"}, {"version": "3cb03edb4de33fd04c4ea55f47397b96a8657c53", "lessThan": "7f261bb906bf527c4a6e2a646e2d5f3679f2a8bc", "status": "affected", "versionType": "git"}, {"version": "fb1adb05ea87b6149e65a31e511756c4f470d0cd", "status": "affected", "versionType": "git"}, {"version": "f123293db16dcd0cd81b246ae60e6362f0025d0a", "status": "affected", "versionType": "git"}, {"version": "6.1.107", "lessThan": "6.2", "status": "affected", "versionType": "semver"}, {"version": "6.6.48", "lessThan": "6.7", "status": "affected", "versionType": "semver"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.4", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.19.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.107"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.48"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ee3978b6a0dcd4215cb7cedcba705a12174786a7"}, {"url": "https://git.kernel.org/stable/c/7f261bb906bf527c4a6e2a646e2d5f3679f2a8bc"}], "title": "netfilter: nf_tables: revert commit_mutex usage in reset path", "x_generator": {"engine": "bippy-1.2.0"}}}}