CVE-2026-46101
Status: Awaiting Analysis - Queue
Zero Shift Rejection in Linux Kernel Netfilter

Publication date: 2026-05-27

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: reject zero shift in nft_bitwise

Reject zero shift operands for nft_bitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using BITS_PER_TYPE(u32) - shift. A zero shift operand turns this into a 32-bit shift, which is undefined behaviour. Reject zero shift operands in the control plane, alongside the existing check for values greater than or equal to 32, so malformed rules never reach the packet path.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products (2 associated CPEs)
Vendor        Product        Version / Range
linux         linux_kernel   *
linux_kernel  linux_kernel   *
CWE: CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's netfilter component, specifically in the nft_bitwise expressions that perform left and right bit shifts.

The issue arises because zero shift operands were not properly rejected during initialization. The carry propagation logic calculates the carry from an adjacent 32-bit word using the formula BITS_PER_TYPE(u32) - shift. When the shift operand is zero, this calculation effectively becomes a 32-bit shift, which is undefined behavior.

The fix involves rejecting zero shift operands in the control plane, along with existing checks for shift values greater than or equal to 32, ensuring that malformed rules do not reach the packet processing path.
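The carry computation described in the kernel description and restated in the summary above, as an added example that is not the kernel's nft_bitwise code: a simplified multi-word left shift in C together with the control-plane validation the fix adds. The word layout (word 0 least significant), the two-word sample input and all function names are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_U32 32u

/* Control-plane check modelled on the fix: a shift operand must lie in
 * [1, 31]. Zero is rejected because the carry term (32 - shift) would
 * become a shift by 32 bits, which is undefined behaviour in C. */
bool shift_operand_valid(uint32_t shift)
{
    return shift != 0 && shift < BITS_PER_U32;
}

/* Simplified multi-word left shift (assumed layout: word 0 is least
 * significant). Bits shifted out of the top of word i carry into the
 * bottom of word i+1 via `word >> (32 - shift)`, the term the advisory
 * identifies as undefined when shift == 0. Invalid operands are refused. */
bool lshift_words(uint32_t *dst, const uint32_t *src, size_t n, uint32_t shift)
{
    if (!shift_operand_valid(shift))
        return false;
    uint32_t carry = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t word = src[i];
        dst[i] = (word << shift) | carry;
        carry = word >> (BITS_PER_U32 - shift); /* would be >> 32 for shift 0 */
    }
    return true;
}

/* Runs the shift over a constructed two-word sample and returns dst[idx],
 * or 0 when the operand was rejected or idx is out of range. */
uint32_t sample_lshift(uint32_t shift, size_t idx)
{
    const uint32_t src[2] = { 0x80000001u, 0x00000002u }; /* constructed input */
    uint32_t dst[2] = { 0, 0 };
    if (idx >= 2 || !lshift_words(dst, src, 2, shift))
        return 0;
    return dst[idx];
}

int main(void)
{
    printf("shift 0: %s\n", shift_operand_valid(0) ? "accepted" : "rejected");
    printf("shift 1: dst[0]=0x%08x dst[1]=0x%08x\n",
           (unsigned)sample_lshift(1, 0), (unsigned)sample_lshift(1, 1));
    return 0;
}
```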

Mitigation Strategies

The vulnerability is resolved by rejecting zero shift operands in nft_bitwise left and right shift expressions during initialization, preventing malformed rules from reaching the packet path.

To mitigate this vulnerability, ensure your Linux kernel is updated to a version that includes this fix, which rejects zero shift operands in the control plane.

Impact Analysis

This vulnerability involves the Linux kernel's netfilter component: zero shift operands in nft_bitwise left and right shift expressions were not rejected during initialization, so the resulting 32-bit carry shift is undefined behavior when the expression is evaluated.

If a rule with a zero shift operand is accepted, the undefined shift is evaluated in the packet path, leading to unpredictable behavior in packet filtering or firewall rules.

However, the vulnerability has been resolved by rejecting zero shift operands in the control plane, preventing malformed rules from affecting packet processing.
