CVE-2026-53269 is a vulnerability in Linux Kernel
Published on June 25, 2026
netfilter: synproxy: add mutex to guard hook reference counting
In the Linux kernel, the following vulnerability has been resolved:
netfilter: synproxy: add mutex to guard hook reference counting
As the synproxy infrastructure register netfilter hooks on-demand when a
user adds the first iptables target or nftables expression, if done
concurrently they can race each other.
Introduce a mutex to serialize the refcount control blocks access from
both frontends. While a per namespace mutex might be more efficient, it
is not needed for target/expression like SYNPROXY.
Products Associated with CVE-2026-53269
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version ad49d86e07a497e834cb06f2b151dccd75f8e148 and below 0ec9ddc1bda261a2c57636c74c8b4e53000102c9 is affected.
- Version ad49d86e07a497e834cb06f2b151dccd75f8e148 and below 56ffbe3a08c01dcdb0d6adee9ce1e535bfb3b389 is affected.
- Version ad49d86e07a497e834cb06f2b151dccd75f8e148 and below debc57b83d5b323df74bf010c8d50fe26ad2ed6b is affected.
- Version ad49d86e07a497e834cb06f2b151dccd75f8e148 and below 0f8ba5e4c53d2e4a536aa68140beda9fe59b2f88 is affected.
- Version ad49d86e07a497e834cb06f2b151dccd75f8e148 and below 640441348258220e78daed40528b85b8afcedab6 is affected.
- Version ad49d86e07a497e834cb06f2b151dccd75f8e148 and below aaf80701dc2f7a48fe543961e21f8ca3924d587c is affected.
- Version ad49d86e07a497e834cb06f2b151dccd75f8e148 and below fbf0591275f50eae5733c3d7a8cd6c1e79933ffa is affected.
- Version ad49d86e07a497e834cb06f2b151dccd75f8e148 and below 2fcba19caaeb2a33017459d3430f057967bb91b6 is affected.
- Version 5.3 is affected.
- Before 5.3 is unaffected.
- Version 5.10.259, <= 5.10.* is unaffected.
- Version 5.15.210, <= 5.15.* is unaffected.
- Version 6.1.176, <= 6.1.* is unaffected.
- Version 6.6.143, <= 6.6.* is unaffected.
- Version 6.12.94, <= 6.12.* is unaffected.
- Version 6.18.36, <= 6.18.* is unaffected.
- Version 7.0.13, <= 7.0.* is unaffected.
- Version 7.1, <= * is unaffected.