CVE-2026-25702
Improper Access Control in SUSE Linux Kernel Breaks nftables Firewall
Publication date: 2026-03-05
Last updated on: 2026-03-09
Assigner: SUSE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| suse | linux_enterprise_server | 12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Access Control issue in the kernel of SUSE Linux Enterprise Server 12 SP5 that breaks nftables functionality. Specifically, due to an incorrect backport of a kernel commit, nftables support is disabled, causing any attempt to create nftables tables to fail with an 'Operation Not Supported' error. This effectively disables nftables, which is a firewalling tool used to manage network packet filtering.

The problem affects users running SUSE Linux Enterprise 12 SP5, especially those using nftables within containers or services like fail2ban that rely on nftables. The vulnerability was introduced in a specific kernel version and later fixed in a subsequent commit. [1]
How can this vulnerability impact me?
This vulnerability can impact you by disabling nftables firewall rules on affected SUSE Linux Enterprise Server 12 SP5 systems. As a result, firewall rules applied via nftables will not be effective, potentially leaving your system unprotected against network threats.
Services that depend on nftables, such as fail2ban, will fail to operate correctly because nftables commands become no-ops. This can increase the risk of unauthorized access or attacks due to ineffective firewall enforcement.
The issue is particularly relevant if you use containers that require nftables functionality, as the vulnerability disables this capability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether nftables functionality is broken or disabled on your SUSE Linux Enterprise Server 12 SP5 system. Specifically, attempts to create nftables tables will return the error EOPNOTSUPP (Operation Not Supported), indicating that nftables is not functioning correctly.

You can test this by running nftables commands such as:

- `nft list tables`
- `nft add table inet test`

If these commands fail with an 'Operation Not Supported' error, it indicates the vulnerability is present and nftables is broken. [1]
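As an added check (not part of this page or of SUSE's advisory), the script below wraps the `nft add table` test from the answer above so it can run unattended: it separates the EOPNOTSUPP symptom from the EPERM you get without CAP_NET_ADMIN, cleans up its throwaway table, and exits non-zero only when the kernel defect is seen. The table name and the function names are constructed for this example; it assumes the `nft` userspace tool is installed and the script runs as root.

```shell
#!/bin/sh
# Probe whether the running kernel accepts nftables table creation.
# Added example, not from the advisory. Assumes nft is installed and the
# caller holds CAP_NET_ADMIN (root); otherwise the result is no_privilege.

# Map nft's exit status ($1) and stderr text ($2) to one verdict:
# ok, broken, no_privilege or other. Pure function, testable without a kernel.
classify_nft_result() {
    status=$1
    err=$2
    if [ "$status" -eq 0 ]; then
        echo ok
    elif printf '%s' "$err" | grep -qi 'operation not supported'; then
        # EOPNOTSUPP: the symptom described for CVE-2026-25702
        echo broken
    elif printf '%s' "$err" | grep -qi 'operation not permitted'; then
        # EPERM: missing CAP_NET_ADMIN, not the kernel defect
        echo no_privilege
    else
        echo other
    fi
}

# Create and remove a throwaway inet table; the name is constructed so it
# cannot collide with a real ruleset.
probe_nftables() {
    table="cve_2026_25702_probe_$$"
    if ! command -v nft >/dev/null 2>&1; then
        echo nft_missing
        return 0
    fi
    err=$(nft add table inet "$table" 2>&1 >/dev/null)
    status=$?
    verdict=$(classify_nft_result "$status" "$err")
    # Only delete what we actually created.
    [ "$verdict" = ok ] && nft delete table inet "$table" >/dev/null 2>&1
    echo "$verdict"
}

# Exit non-zero when the defect is present, so the check can feed monitoring:
# on an affected host fail2ban keeps running but enforces nothing.
main() {
    verdict=$(probe_nftables)
    echo "kernel $(uname -r): nftables probe -> $verdict"
    [ "$verdict" != broken ]
}

main "$@"
```

Run it as root on each SLES 12 SP5 host; a `no_privilege` verdict means the probe itself lacked rights and says nothing about the kernel.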
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the kernel on your SUSE Linux Enterprise Server 12 SP5 to a version that includes the fix commit 9c294edb7085fb91650bc12233495a8974c5ff2d. This will restore proper nftables functionality and resolve the vulnerability.
Until the upgrade is applied, services relying on nftables, such as fail2ban, may not function correctly, so consider alternative firewall or intrusion prevention measures.