| Published | Title | Version | Author | Status |
|---|---|---|---|---|
| 2026-03-13 18:01 UTC | netfilter: ipset: harden payload calculation in call_ad() | 1 | davidbaum461@gmail.com | in progress |
| 2026-03-12 22:31 UTC | netfilter: conntrack: expose gc_scan_interval_max via sysctl | 2 | panchamukhi@arista.com | finished in 4h12m0s |
| 2026-03-11 19:40 UTC | netfilter: conntrack: expose gc_scan_interval_max via sysctl | 1 | panchamukhi@arista.com | finished in 4h4m0s |
| 2026-03-07 17:24 UTC | netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path | 1 | imv4bel@gmail.com | finished in 3h58m0s |
| 2026-03-07 17:23 UTC | netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() | 1 | imv4bel@gmail.com | finished in 4h4m0s |
| 2026-03-07 17:23 UTC | netfilter: nf_flow_table_offload: fix heap overflow in flow_action_entry_next() | 1 | imv4bel@gmail.com | finished in 4h7m0s |
| 2026-03-07 17:22 UTC | netfilter: nf_conntrack_sctp: validate state value in nlattr_to_sctp() | 1 | imv4bel@gmail.com | finished in 4h13m0s |
| 2026-03-07 17:22 UTC | netfilter: ctnetlink: validate CTA_EXPECT_NAT_DIR to prevent OOB access | 1 | imv4bel@gmail.com | finished in 3h56m0s |
| 2026-03-07 17:21 UTC | netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() | 1 | imv4bel@gmail.com | finished in 3h59m0s |
| 2026-03-07 17:21 UTC | netfilter: ctnetlink: fix use-after-free of exp->master in single expectation GET | 1 | imv4bel@gmail.com | finished in 4h8m0s |
| 2026-03-07 17:20 UTC | netfilter: ctnetlink: fix use-after-free of exp->master in expectation dump | 1 | imv4bel@gmail.com | finished in 4h4m0s |
| 2026-03-05 00:47 UTC | net: Add SPDX ids to some source files | 1 | tim.bird@sony.com | finished in 4h11m0s |
| 2026-03-03 19:57 UTC | doc/netlink: Expand nftables specification | 8 | one-d-wide@protonmail.com | finished in 1h5m0s |
| 2026-03-03 10:15 UTC | netfilter: use function typedefs for __rcu NAT helper hook pointers | 1 | sun.jian.kdev@gmail.com | finished in 1h39m0s |
| 2026-03-02 21:26 UTC | netfilter: nf_tables: fix use-after-free on ops->dev | 1 | koike@igalia.com | finished in 4h16m0s |
| 2026-02-26 09:40 UTC | netfilter: nfnetlink_queue: no longer acquire sk_callback_lock | 1 | edumazet@google.com | finished in 4h21m0s |
| 2026-02-26 08:58 UTC | netfilter: nfnetlink_log: no longer acquire sk_callback_lock | 1 | edumazet@google.com | finished in 4h27m0s |
| 2026-02-26 08:29 UTC | netfilter: nft_meta: no longer acquire sk_callback_lock in nft_meta_get_eval_skugid() | 1 | edumazet@google.com | finished in 4h1m0s |
| 2026-02-25 13:23 UTC | netfilter: xt_owner: no longer acquire sk_callback_lock in mt_owner() | 2 | edumazet@google.com | finished in 4h2m0s |
| 2026-02-25 13:20 UTC | netfilter: nf_log_syslog: no longer acquire sk_callback_lock in nf_log_dump_sk_uid_gid() | 2 | edumazet@google.com | finished in 4h13m0s |
| 2026-02-24 12:33 UTC | netfilter: nf_log_syslog: no longer acquire sk_callback_lock in nf_log_dump_sk_uid_gid() | 1 | edumazet@google.com | finished in 4h11m0s |
| 2026-02-24 12:28 UTC | netfilter: xt_owner: no longer acquire sk_callback_lock in mt_owner() | 1 | edumazet@google.com | finished in 4h21m0s |
| 2026-02-12 20:07 UTC | iptables: fix null dereference parsing bitwise operations | 2 | one-d-wide@protonmail.com | skipped |
| 2026-02-08 11:00 UTC | net: flow_offload: protect driver_block_list in flow_block_cb_setup_simple() | 1 | syoshida@redhat.com | finished in 3h20m0s |
| 2026-02-04 15:23 UTC | netfilter: nf_tables: add math expression support | 3 | fmancera@suse.de | finished in 1h19m0s |
| 2026-02-03 13:48 UTC | netfilter: nft_counter: Fix reset of counters on 32bit archs | 3 | anders.grahn@gmail.com | finished in 4h10m0s |
| 2026-02-02 10:14 UTC | iptables: fix null dereference parsing bitwise operations | 1 | one-d-wide@protonmail.com | skipped |
| 2026-02-02 09:40 UTC | doc/netlink: Expand nftables specification | 7 | one-d-wide@protonmail.com | finished in 1h11m0s |
| 2026-01-30 07:22 UTC | netfilter: flowtable: dedicated slab for flow entry | 2 | dqfext@gmail.com | finished in 3h52m0s |
| 2026-01-30 04:43 UTC | netfilter: conntrack: remove __read_mostly from nf_conntrack_generation | 1 | lirongqing@baidu.com | finished in 3h54m0s |
| 2026-01-29 10:12 UTC | netfilter: flowtable: dedicated slab for flow entry | 1 | dqfext@gmail.com | finished in 4h0m0s |
| 2026-01-23 08:10 UTC | netfilter: xt_time: use is_leap_year() helper | 1 | ruanjinjie@huawei.com | finished in 4h40m0s |
| 2026-01-22 17:46 UTC | Add IP6IP6 flowtable SW acceleration | 4 | lorenzo@kernel.org | finished in 4h9m0s |
| 2026-01-21 18:47 UTC | doc/netlink: Expand nftables specification | 6 | one-d-wide@protonmail.com | finished in 54m0s |
| 2026-01-20 23:11 UTC | selftests: netfilter: avoid RULE_REPLACE error when zeroing rule counters | 1 | aleksey.oladko@virtuozzo.com | finished in 1h6m0s |
| 2026-01-20 22:01 UTC | selftests: netfilter: ensure conntrack is enabled for helper test | 1 | aleksey.oladko@virtuozzo.com | finished in 1h22m0s |
| 2026-01-19 20:35 UTC | netfilter: nf_conncount: fix tracking of connections from localhost | 2 | fmancera@suse.de | finished in 3h59m0s |
| 2026-01-19 06:37 UTC | netfilter: arptables: use xt_entry_foreach() in copy_entries_to_user() | 1 | kshitiz.bartariya@zohomail.in | finished in 4h0m0s |
| 2026-01-18 11:13 UTC | netfilter: nf_conncount: fix tracking of connections from localhost | 1 | fmancera@suse.de | finished in 4h7m0s |
| 2026-01-16 08:13 UTC | Add IP6IP6 flowtable SW acceleration | 3 | lorenzo@kernel.org | finished in 4h6m0s |
| 2026-01-13 07:44 UTC | uapi: Use UAPI definitions of INT_MAX and INT_MIN | 2 | thomas.weissschuh@linutronix.de | finished in 52m0s |
| 2026-01-12 12:54 UTC | net: make config options NF_LOG_{ARP,IPV4,IPV6} transitional | 1 | lbulwahn@redhat.com | finished in 1h2m0s |
| 2026-01-11 16:39 UTC | net/sched: Fix packet loops in mirred and netem | 1 | jhs@mojatatu.com | finished in 3h51m0s |
| 2026-01-05 08:26 UTC | uapi: Use UAPI definitions of INT_MAX and INT_MIN | 1 | thomas.weissschuh@linutronix.de | finished in 1h10m0s |
| 2025-12-25 21:02 UTC | net: sched: Fix ethx:ingress -> ethy:egress -> ethx:ingress mirred loop | 4 | jhs@mojatatu.com | finished in 3h49m0s |
| 2025-12-24 12:48 UTC | netfilter: nf_tables: Fix memory leak in nf_tables_newrule() | 1 | zilin@seu.edu.cn | finished in 3h58m0s |
| 2025-12-19 11:53 UTC | netfilter: nf_conntrack: Add allow_clash to generic protocol handler | 1 | hamaguchi.yuto@da.mitsubishielectric.co.jp | finished in 3h57m0s |
| 2025-12-19 05:13 UTC | netfilter: replace -EEXIST with -EBUSY | 1 | da.gomez@kernel.org | finished in 3h50m0s |
| 2025-12-17 20:21 UTC | netfilter: nft_synproxy: avoid possible data-race on update operation | 1 | fmancera@suse.de | finished in 3h52m0s |
| 2025-12-16 12:24 UTC | netfilter: nf_conncount: increase connection clean up limit to 64 | 1 | fmancera@suse.de | finished in 3h57m0s |
| 2025-12-15 16:15 UTC | net: sched: Fix ethx:ingress -> ethy:egress -> ethx:ingress mirred loop | 3 | jhs@mojatatu.com | finished in 4h2m0s |
| 2025-12-15 15:32 UTC | netfilter: nft_counter: Fix reset of counters on 32bit archs | 2 | anders.grahn@gmail.com | finished in 3h51m0s |
| 2025-12-15 12:12 UTC | netfilter: nft_counter: Fix reset of counters on 32bit archs | 1 | anders.grahn@gmail.com | finished in 3h52m0s |
| 2025-12-09 07:35 UTC | Add IP6IP6 flowtable SW acceleration | 2 | lorenzo@kernel.org | finished in 3h49m0s |
| 2025-12-07 16:06 UTC | Add IP6IP6 flowtable SW acceleration | 1 | lorenzo@kernel.org |
finished
in 3h52m0s
[3 findings] |
| 2025-12-05 11:58 UTC | netfilter: nf_conncount: fix leaked ct in error paths | 2 | fmancera@suse.de | finished in 3h56m0s |
| 2025-12-04 14:01 UTC | netfilter: nf_conncount: fix leaked ct in error paths | 1 | fmancera@suse.de | finished in 4h3m0s |
| 2025-12-01 13:45 UTC | Add IP6IP6 flowtable SW acceleration | 1 | lorenzo@kernel.org |
finished
in 3h49m0s
[1 findings] |
| 2025-12-01 10:22 UTC | netfilter: Always set route tuple out ifindex | 1 | lorenzo@kernel.org | finished in 1h44m0s |
| 2025-11-27 22:21 UTC | selftests: netfilter: nft_flowtable.sh: Add the capability to send IPv6 TCP traffic | 2 | lorenzo@kernel.org | finished in 49m0s |
| 2025-11-24 17:35 UTC | src: add connlimit stateful object support | 3 | fmancera@suse.de | skipped |
| 2025-11-24 16:36 UTC | netfilter: nft_connlimit: add support to object update operation | 2 | fmancera@suse.de | finished in 3h51m0s |
| 2025-11-22 18:41 UTC | selftests: netfilter: nft_flowtable.sh: Add the capability to send IPv6 TCP traffic | 1 | lorenzo@kernel.org | finished in 49m0s |
| 2025-11-22 00:37 UTC | netfilter: nfnetlink_queue: optimize verdict lookup with hash table | 5 | scott.k.mitch1@gmail.com | finished in 3h50m0s |
| 2025-11-21 08:52 UTC | ipvs: fix ipv4 null-ptr-deref in route error path | 2 | slavin452@gmail.com | finished in 3h50m0s |
| 2025-11-20 19:03 UTC | ipvs: fix ipv4 null-ptr-deref in route error path | 1 | slavin452@gmail.com | finished in 3h56m0s |
| 2025-11-20 15:18 UTC | doc/netlink: Expand nftables specification | 5 | one-d-wide@protonmail.com | finished in 55m0s |
| 2025-11-19 03:01 UTC | netfilter: conntrack: Add missing modification about data-race around ct->timeout | 2 | zhaochenguang@kylinos.cn | finished in 4h2m0s |
| 2025-11-17 08:56 UTC | netfilter: conntrack: Add missing modification about data-race around ct->timeout | 1 | zhaochenguang@kylinos.cn | finished in 3h57m0s |
| 2025-11-15 11:04 UTC | src: add connlimit stateful object support | 2 | fmancera@suse.de | skipped |
| 2025-11-14 12:36 UTC | audit: improve NETFILTER_PKT records | 7 | rrobaina@redhat.com | finished in 3h49m0s |
| 2025-11-13 15:46 UTC | netfilter: nfnetlink_queue: optimize verdict lookup with hash table | 4 | scott.k.mitch1@gmail.com | finished in 4h1m0s |
| 2025-11-13 15:32 UTC | netfilter: nfnetlink_queue: optimize verdict lookup with hash table | 3 | scott.k.mitch1@gmail.com | finished in 4h0m0s |
| 2025-11-13 09:26 UTC | netfilter: nfnetlink_queue: optimize verdict lookup with hash table | 2 | scott.k.mitch1@gmail.com |
finished
in 3h56m0s
[1 findings] |
| 2025-11-12 18:42 UTC | tunnel: add missing tunnel object list support | 1 | fmancera@suse.de | skipped |
| 2025-11-12 16:03 UTC | netfilter: nfnetlink_queue: optimize verdict lookup with hash table | 1 | scott.k.mitch1@gmail.com | finished in 3h52m0s |
| 2025-11-07 11:14 UTC | Add IPIP flowtable SW acceleration | 9 | lorenzo@kernel.org | skipped |
| 2025-11-06 16:53 UTC | audit: improve NETFILTER_PKT records | 5 | rrobaina@redhat.com | finished in 1h57m0s |
| 2025-11-04 17:20 UTC | netfilter: nft_connlimit: add support to object update operation | 1 | fmancera@suse.de | finished in 3h56m0s |
| 2025-11-04 17:13 UTC | src: add connlimit stateful object support | 1 | fmancera@suse.de | skipped |
| 2025-11-04 17:11 UTC | src: add connlimit stateful object support | 1 | fmancera@suse.de | skipped |
| 2025-11-03 18:16 UTC | rule: add missing documentation for cmd_obj enum | 1 | fmancera@suse.de | skipped |
| 2025-11-03 14:31 UTC | netfilter: nf_tables: add math expression support | 2 | fmancera@suse.de | finished in 45m0s |
| 2025-11-03 14:28 UTC | expr: add support to math expression | 2 | fmancera@suse.de | skipped |
| 2025-11-01 19:20 UTC | netfilter: ip6t_srh: fix UAPI kernel-doc comments format | 1 | rdunlap@infradead.org | finished in 48m0s |
| 2025-11-01 19:20 UTC | netfilter: nf_tables: improve UAPI kernel-doc comments | 1 | rdunlap@infradead.org | finished in 47m0s |
| 2025-10-31 13:59 UTC | audit: improve NETFILTER_PKT records | 4 | rrobaina@redhat.com | finished in 3h54m0s |
| 2025-10-31 13:08 UTC | netfilter: nft_connlimit: fix duplicated tracking of a connection | 3 | fmancera@suse.de | finished in 4h15m0s |
| 2025-10-30 08:35 UTC | treewide: Rename ERR_PTR_PCPU() --> PCPU_ERR_PTR() | 1 | andriy.shevchenko@linux.intel.com | finished in 44m0s |
| 2025-10-29 13:23 UTC | netfilter: nft_connlimit: fix duplicated tracking of a connection | 2 | fmancera@suse.de | skipped |
| 2025-10-28 17:29 UTC | selftest: net: fix socklen_t type mismatch in sctp_collision test | 2 | ankitkhushwaha.linux@gmail.com | finished in 49m0s |
| 2025-10-27 12:57 UTC | netfilter: nft_connlimit: fix duplicated tracking of a connection | 1 | fmancera@suse.de | skipped |
| 2025-10-26 17:46 UTC | selftest: net: fix socklen_t type mismatch in sctp_collision test | 1 | ankitkhushwaha.linux@gmail.com | finished in 38m0s |
| 2025-10-24 16:22 UTC | nf_conntrack_ftp: Added nfct_seqadj_ext_add(). | 4 | a.melnychenko@vyos.io | finished in 4h8m0s |
| 2025-10-24 15:54 UTC | netfilter: nft_connlimit: fix possible data race on connection count | 2 | fmancera@suse.de | finished in 3h55m0s |
| 2025-10-23 23:20 UTC | netfilter: nft_connlimit: fix stale read of connection count | 1 | fmancera@suse.de | finished in 3h43m0s |
| 2025-10-23 08:50 UTC | Add IPIP flowtable SW acceleration | 8 | lorenzo@kernel.org | skipped |
| 2025-10-21 17:48 UTC | Add IPIP flowtable SW acceleration | 7 | lorenzo@kernel.org | finished in 3h49m0s |
| 2025-10-21 13:39 UTC | nf_conntrack_ftp: Added nfct_seqadj_ext_add(). | 3 | a.melnychenko@vyos.io | finished in 4h13m0s |
| 2025-10-16 10:48 UTC | nf_conntrack_ftp: Added nfct_seqadj_ext_add(). | 2 | a.melnychenko@vyos.io | finished in 1h57m0s |