CVE-2026-25702
Received Received - Intake
Improper Access Control in SUSE Linux Kernel Breaks nftables Firewall

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: SUSE

Description
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-09
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25702
EUVD
EUVD-2026-9793
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
suse linux_enterprise_server 12
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "This vulnerability is an Improper Access Control issue in the kernel of SUSE Linux Enterprise Server 12 SP5 that breaks nftables functionality. Specifically, due to an incorrect backport of a kernel commit, nftables support is disabled, causing any attempt to create nftables tables to fail with an 'Operation Not Supported' error. This effectively disables nftables, which is a firewalling tool used to manage network packet filtering."}, {'type': 'paragraph', 'content': 'The problem affects users running SUSE Linux Enterprise 12 SP5, especially those using nftables within containers or services like fail2ban that rely on nftables. The vulnerability was introduced in a specific kernel version and later fixed in a subsequent commit.'}] [1]

Impact Analysis

This vulnerability can impact you by disabling nftables firewall rules on affected SUSE Linux Enterprise Server 12 SP5 systems. As a result, firewall rules applied via nftables will not be effective, potentially leaving your system unprotected against network threats.

Services that depend on nftables, such as fail2ban, will fail to operate correctly because nftables commands become no-ops. This can increase the risk of unauthorized access or attacks due to ineffective firewall enforcement.

The issue is particularly relevant if you use containers that require nftables functionality, as the vulnerability disables this capability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking whether nftables functionality is broken or disabled on your SUSE Linux Enterprise Server 12 SP5 system. Specifically, attempts to create nftables tables will return the error EOPNOTSUPP (Operation Not Supported), indicating that nftables is not functioning correctly.'}, {'type': 'paragraph', 'content': 'You can test this by running nftables commands such as:'}, {'type': 'list_item', 'content': 'nft list tables'}, {'type': 'list_item', 'content': 'nft add table inet test'}, {'type': 'paragraph', 'content': "If these commands fail with an 'Operation Not Supported' error, it indicates the vulnerability is present and nftables is broken."}] [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the kernel on your SUSE Linux Enterprise Server 12 SP5 to a version that includes the fix commit 9c294edb7085fb91650bc12233495a8974c5ff2d. This will restore proper nftables functionality and resolve the vulnerability.

Until the upgrade is applied, services relying on nftables, such as fail2ban, may not function correctly, so consider alternative firewall or intrusion prevention measures.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25702. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart