CVE-2026-45901
Linux Kernel Circular Lock Dependency in Netfilter
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's netfilter subsystem, specifically in nf_tables. It involves a circular lock dependency between three mutexes: commit_mutex, nfnl_subsys_ipset, and nlk_cb_mutex. This circular dependency occurs when nft reset, ipset list, and iptables-nft with the '-m set' rule are run simultaneously.
The issue was caused by the use of commit_mutex in the reset path, which led to this circular locking problem. The vulnerability was resolved by reverting the use of commit_mutex in this context, as previous patches had already made it safe to run individual reset handlers concurrently without requiring commit_mutex.
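A lockdep-style view of the three-mutex cycle described above, as an added example that is not kernel code and not from the original page: it records lock acquisition orders in a dependency graph and checks the graph for a cycle. The per-path orders are assumptions constructed for illustration (the page names the mutexes but not the order each path takes them), and `model_has_cycle` and the path names are hypothetical.

```c
#include <stdio.h>

enum { COMMIT_MUTEX, NFNL_SUBSYS_IPSET, NLK_CB_MUTEX, NLOCKS };

/* dep[a][b] != 0 means some code path acquired lock b while holding lock a. */
struct lockgraph { int dep[NLOCKS][NLOCKS]; };

/* Record one path's acquisition order: every held lock gains an edge to each later lock. */
static void record_path(struct lockgraph *g, const int *seq, int n) {
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            g->dep[seq[i]][seq[j]] = 1;
}

/* Depth-first search: can `target` be reached from `from` along dependency edges? */
static int reaches(const struct lockgraph *g, int from, int target, int *seen) {
    if (from == target) return 1;
    if (seen[from]) return 0;
    seen[from] = 1;
    for (int next = 0; next < NLOCKS; next++)
        if (g->dep[from][next] && reaches(g, next, target, seen)) return 1;
    return 0;
}

/* A cycle exists if, for some edge a -> b, lock a is reachable again from b. */
static int has_cycle(const struct lockgraph *g) {
    for (int a = 0; a < NLOCKS; a++)
        for (int b = 0; b < NLOCKS; b++) {
            int seen[NLOCKS] = {0};
            if (g->dep[a][b] && reaches(g, b, a, seen)) return 1;
        }
    return 0;
}

/* Constructed model: the acquisition orders below are assumptions, not taken from the page. */
int model_has_cycle(int reset_takes_commit_mutex) {
    struct lockgraph g = {0};
    const int reset_path[] = { NLK_CB_MUTEX, COMMIT_MUTEX };      /* assumed order */
    const int rule_path[]  = { COMMIT_MUTEX, NFNL_SUBSYS_IPSET }; /* assumed order */
    const int list_path[]  = { NFNL_SUBSYS_IPSET, NLK_CB_MUTEX }; /* assumed order */
    if (reset_takes_commit_mutex) record_path(&g, reset_path, 2);
    record_path(&g, rule_path, 2);
    record_path(&g, list_path, 2);
    return has_cycle(&g);
}

int main(void) {
    printf("reset takes commit_mutex: %d, reverted: %d\n", model_has_cycle(1), model_has_cycle(0));
    return 0;
}
```

With the reset path's `commit_mutex` dependency removed from the model, the remaining two edges no longer close a loop, which mirrors why reverting that lock use resolves the circular dependency.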
How can this vulnerability impact me?
This vulnerability can cause a circular lock dependency in the Linux kernel's netfilter subsystem, which may lead to deadlocks when certain network filtering operations are performed concurrently. Specifically, running nft reset, ipset list, and iptables-nft with the '-m set' rule at the same time can trigger this condition.
Such deadlocks can cause system hangs or degraded network functionality, potentially impacting system stability and availability.