| Published | Title | Version | Author | Status |
|---|---|---|---|---|
| 2026-05-12 22:44 UTC | netfilter: nf_queue: hold reference on skb->dev | 1 | pablo@netfilter.org | - |
| 2026-05-12 21:55 UTC | netfilter: nf_conntrack_proto_tcp: fix typos in comments | 1 | avinash.duduskar@gmail.com | - |
| 2026-05-12 20:58 UTC | netfilter: conntrack: add dead flag to helpers | 1 | pablo@netfilter.org | - |
| 2026-05-12 20:51 UTC | ipv4: harden against ihl < 5 IP_HDRINCL packets | 1 | michael.bommarito@gmail.com | - |
| 2026-05-12 18:29 UTC | netfilter: add option for GCOV profiling | 2 | fw@strlen.de | - |
| 2026-05-12 13:36 UTC | netfilter: nft_byteorder: remove multi-register support | 3 | fw@strlen.de | in progress |
| 2026-05-12 10:34 UTC | selftests: netfilter: Add bridge_fastpath.sh | 5 | ericwouds@gmail.com | finished in 2h9m0s |
| 2026-05-12 10:33 UTC | conntrack: bridge: add double vlan, pppoe and pppoe-in-q | 20 | ericwouds@gmail.com | finished in 4h38m0s |
| 2026-05-12 09:30 UTC | netfilter: nft_inner: release local_lock before re-enabling softirqs | 1 | fw@strlen.de | finished in 4h29m0s |
| 2026-05-12 07:57 UTC | netfilter: nf_queue: hold bridge skb->dev while queued | 1 | n05ec@lzu.edu.cn | finished in 4h33m0s |
| 2026-05-11 20:06 UTC | cache: honor -c/--check for reset commands | 1 | pablo@netfilter.org | skipped |
| 2026-05-11 17:30 UTC | netfilter: nft_inner: Fix IPv6 inner_thoff desync | 2 | zhaoyz24@mails.tsinghua.edu.cn | finished in 5h16m0s |
| 2026-05-11 15:57 UTC | net: neigh: Reallocate headroom if necessary in neigh_hh_bridge() | 2 | lorenzo@kernel.org | finished in 4h27m0s |
| 2026-05-11 14:43 UTC | netfilter: conntrack: tcp: do not force CLOSE on invalid-seq RST without direction check | 1 | hamzamahfooz@linux.microsoft.com | finished in 4h42m0s |
| 2026-05-11 14:37 UTC | netfilter: nf_tables: fix dst corruption in same register operation | 4 | fmancera@suse.de | finished in 4h44m0s |
| 2026-05-11 13:47 UTC | net: Replace system_unbound_wq with system_dfl_wq | 1 | marco.crivellari@suse.com | finished in 1h51m0s |
| 2026-05-11 13:37 UTC | netfilter: nft_inner: Fix IPv6 inner_thoff desync | 2 | zhaoyz24@mails.tsinghua.edu.cn | finished in 4h48m0s |
| 2026-05-10 13:19 UTC | netfilter: nft_inner: Fix IPv6 inner_thoff desync | 1 | zhaoyz24@mails.tsinghua.edu.cn | finished in 4h8m0s |
| 2026-05-10 10:46 UTC | ipvs: avoid possible loop in ip_vs_dst_event on resizing | 3 | ja@ssi.bg | finished in 4h7m0s |
| 2026-05-09 22:01 UTC | tests: cli-test.sh: improve logging for CI pipelines | 1 | fw@strlen.de | skipped |
| 2026-05-09 22:00 UTC | tests: bulk-load-stress.sh: return early if ct_max is reached | 1 | fw@strlen.de | skipped |
| 2026-05-09 08:27 UTC | netfilter: nf_conntrack_helper: fix possible null deref during error log | 1 | fw@strlen.de | finished in 4h8m0s |
| 2026-05-08 20:58 UTC | netfilter: ipset fixes | 6 | kadlec@netfilter.org | finished in 4h9m0s |
| 2026-05-08 11:25 UTC | net: neigh: Reallocate headroom if necessary in neigh_hh_bridge() | 1 | lorenzo@kernel.org | finished in 4h2m0s |
| 2026-05-08 11:15 UTC | scanner: Accept all statements' first words in all scopes | 2 | phil@nwl.cc | skipped |
| 2026-05-07 23:44 UTC | Netfilter fixes for net | 1 | pablo@netfilter.org | finished in 4h27m0s |
| 2026-05-07 20:38 UTC | scanner: Accept all statements' first words in all scopes | 1 | phil@nwl.cc | skipped |
| 2026-05-07 19:23 UTC | ipvs: avoid possible loop in ip_vs_dst_event on resizing | 2 | ja@ssi.bg | finished in 4h48m0s |
| 2026-05-07 13:44 UTC | netfilter: fix expectation reference leaks | 2 | lixiasong1@huawei.com | finished in 5h8m0s |
| 2026-05-07 09:34 UTC | netfilter: add option for GCOV profiling | 1 | fw@strlen.de | finished in 1h32m0s |
| 2026-05-06 18:44 UTC | ipvs: avoid possible loop in ip_vs_dst_event on resizing | 1 | ja@ssi.bg | finished in 5h12m0s |
| 2026-05-06 17:27 UTC | Add IPv4 over IPv6 and SIT flowtable SW acceleration | 2 | lorenzo@kernel.org | finished in 4h33m0s |
| 2026-05-06 12:06 UTC | netfilter: fix nf_ct_expect_alloc() reference leaks | 1 | lixiasong1@huawei.com | finished in 4h43m0s |
| 2026-05-06 10:07 UTC | netfilter: xtables: fix module load and teardown races | 3 | fw@strlen.de | finished in 5h29m0s |
| 2026-05-05 14:49 UTC | Add IPv4 over IPv6 flowtable SW acceleration | 1 | lorenzo@kernel.org | finished in 4h59m0s |
| 2026-05-05 11:42 UTC | netfilter: nf_conntrack_expect: restore helper propagation via expectation | 1 | pablo@netfilter.org | finished in 4h19m0s |
| 2026-05-05 10:37 UTC | tests: shell: also test byte-based rate limiting | 1 | fw@strlen.de | skipped |
| 2026-05-05 10:37 UTC | scanner: enable verdicts in rate scope too | 1 | fw@strlen.de | skipped |
| 2026-05-05 05:11 UTC | netfilter: ctnetlink: use nf_ct_exp_net() in expectation dump | 1 | pratham36gupta@gmail.com | finished in 4h14m0s |
| 2026-05-05 00:16 UTC | IPVS fixes for net | 1 | pablo@netfilter.org | finished in 4h44m0s |
| 2026-05-04 18:22 UTC | netfilter: xtables: fix module load and teardown races | 2 | fw@strlen.de | finished in 4h47m0s |
| 2026-05-04 17:11 UTC | src: don't write to possible rodata location | 1 | fw@strlen.de | skipped |
| 2026-05-04 17:00 UTC | tools: match_nomatch: fix spurious failure in nomatch test | 1 | fw@strlen.de | skipped |
| 2026-05-04 11:23 UTC | netfilter: conntrack: fix integer overflow in expectation timeout | 4 | tomaquet18@protonmail.com | finished in 4h23m0s |
| 2026-05-03 08:32 UTC | netfilter: conntrack: shared port parser for helpers | 3 | rc@rexion.ai | finished in 4h23m0s |
| 2026-05-02 07:56 UTC | netfilter: xtables: fix module unload and teardown races | 1 | fw@strlen.de | finished in 4h13m0s |
| 2026-05-01 12:22 UTC | Netfilter fixes for net | 1 | pablo@netfilter.org | finished in 4h21m0s |
| 2026-05-01 06:31 UTC | netfilter: conntrack: add shared port parser and use it in IRC and Amanda helpers | 2 | rc@rexion.ai | finished in 4h53m0s |
| 2026-04-30 18:25 UTC | netfilter: conntrack: add shared port parser and use it in IRC and Amanda helpers | 2 | rc@rexion.ai | finished in 5h40m0s |
| 2026-04-29 23:19 UTC | netfilter: fix NULL ops dereference in iptable lazy init | 2 | tristmd@gmail.com | finished in 4h50m0s |
| 2026-04-29 17:56 UTC | netfilter: fix NULL ops race in iptable lazy init | 1 | tristmd@gmail.com | finished in 5h17m0s |
| 2026-04-29 15:29 UTC | conntrackd-netns-test.sh: rework for CI pipelines | 1 | fw@strlen.de | skipped |
| 2026-04-29 15:28 UTC | tests: allow to run conntrackd-tests.py via unshare | 1 | fw@strlen.de | skipped |
| 2026-04-29 14:24 UTC | netfilter: flowtable_offload: propagate CT mark to hardware offload path | 1 | lorenzo@kernel.org | finished in 4h27m0s |
| 2026-04-29 09:59 UTC | netfilter: x_tables: disable 32bit compat interface in user namespaces | 1 | fw@strlen.de | finished in 5h6m0s |
| 2026-04-29 06:30 UTC | netfilter: nf_conncount: use per-rule hash initval | 1 | fw@strlen.de | finished in 5h15m0s |
| 2026-04-29 06:21 UTC | netfilter: nf_tables: fix netdev hook allocation memleak with dormant tables | 1 | fw@strlen.de | finished in 4h47m0s |
| 2026-04-28 22:10 UTC | netfilter: x_tables: add .check_hooks to matches and targets | 1 | pablo@netfilter.org | finished in 4h49m0s |
| 2026-04-28 17:57 UTC | IPVS fixes for nf | 1 | ja@ssi.bg | finished in 4h35m0s |
| 2026-04-28 17:41 UTC | tests: nfct: make it suitable for CI pipeline | 1 | fw@strlen.de | skipped |
| 2026-04-28 17:37 UTC | netfilter: xt_CT: fix usersize for v1 and v2 revision | 1 | fw@strlen.de | finished in 5h13m0s |
| 2026-04-28 15:19 UTC | netfilter: ipset fixes | 1 | kadlec@netfilter.org | finished in 4h47m0s |
| 2026-04-28 10:20 UTC | neighbour: neigh_xmit needs to release skb on -EAFNOSUPPORT | 1 | pablo@netfilter.org | finished in 4h30m0s |
| 2026-04-28 09:09 UTC | netfilter: nf_nat: avoid invalid nat_net pointer use on failed nf_nat_init() | 1 | minipli@grsecurity.net | finished in 4h53m0s |
| 2026-04-27 23:40 UTC | ipvs: fix shift-out-of-bounds in ip_vs_rht_desired_size | 1 | ja@ssi.bg | finished in 4h58m0s |
| 2026-04-27 09:21 UTC | netfilter: nft_bitwise: fix dst corruption in same register shifts | 4 | fmancera@suse.de | finished in 4h40m0s |
| 2026-04-27 07:34 UTC | netfilter: ipset fixes | 1 | kadlec@netfilter.org |
finished
in 1h39m0s
[1 findings] |
| 2026-04-26 14:46 UTC | sctp: fix a vtag verification failure caused by stale INITs | 2 | lucien.xin@gmail.com | finished in 4h28m0s |
| 2026-04-26 14:44 UTC | tests: shell: add test case for netdev + dormant table | 1 | fw@strlen.de | finished in 1h22m0s |
| 2026-04-24 19:05 UTC | Netfilter/IPVS fixes for net | 1 | pablo@netfilter.org | finished in 4h38m0s |
| 2026-04-24 10:07 UTC | netfilter: flowtable: fix inline vlan encapsulation in xmit path | 1 | pablo@netfilter.org | finished in 4h13m0s |
| 2026-04-24 09:23 UTC | netfilter: ebtables: fix OOB read in compat_mtw_from_user | 1 | n05ec@lzu.edu.cn | finished in 4h49m0s |
| 2026-04-23 15:54 UTC | netfilter: nft_bitwise: fix dst corruption in same register shifts | 3 | fmancera@suse.de | finished in 4h24m0s |
| 2026-04-23 12:05 UTC | netfilter: nft_bitwise: fix dst corruption in same register shifts | 2 | fmancera@suse.de | finished in 4h13m0s |
| 2026-04-23 00:19 UTC | netfilter: nf_conntrack_sip: don't use simple_strtoul | 3 | fw@strlen.de | finished in 2h4m0s |
| 2026-04-22 17:26 UTC | evaluate: zap useless 0-shifts | 1 | fw@strlen.de | skipped |
| 2026-04-22 15:41 UTC | netfilter: ipset: keep comment extensions private on resize | 1 | n05ec@lzu.edu.cn | finished in 4h29m0s |
| 2026-04-22 14:54 UTC | netfilter: reject zero shift in nft_bitwise | 2 | n05ec@lzu.edu.cn | finished in 4h31m0s |
| 2026-04-22 14:40 UTC | netfilter: nf_conntrack_sip: don't use simple_strtoul | 2 | fw@strlen.de | finished in 2h19m0s |
| 2026-04-22 13:18 UTC | selftests: netfilter: add regression test for nft_ct timeout UAF | 1 | vebohr@gmail.com | finished in 1h42m0s |
| 2026-04-21 18:16 UTC | netfilter: replace skb_try_make_writable() by skb_ensure_writable() | 1 | pablo@netfilter.org | finished in 4h37m0s |
| 2026-04-21 17:38 UTC | netfilter: nft_bitwise: fix dst corruption in same register shifts | 1 | fmancera@suse.de | finished in 4h27m0s |
| 2026-04-21 15:59 UTC | expr: add support to math expression | 4 | fmancera@suse.de | skipped |
| 2026-04-21 15:59 UTC | netfilter: nf_tables: add math expression support | 5 | fmancera@suse.de | finished in 1h29m0s |
| 2026-04-21 12:42 UTC | netfilter: shift-out-of-bounds in nft_bitwise | 1 | n05ec@lzu.edu.cn | finished in 4h48m0s |
| 2026-04-20 22:02 UTC | Netfilter/IPVS fixes for net | 1 | pablo@netfilter.org | finished in 4h9m0s |
| 2026-04-20 17:42 UTC | netfilter: nft_compat: run checkentry() from .validate | 1 | pablo@netfilter.org | finished in 4h28m0s |
| 2026-04-20 17:13 UTC | ipvs: fix races around est_mutex and est_cpulist | 1 | ja@ssi.bg | finished in 4h34m0s |
| 2026-04-20 17:06 UTC | expr: add support to math expression | 3 | fmancera@suse.de | skipped |
| 2026-04-20 17:05 UTC | netfilter: nf_tables: add math expression support | 4 | fmancera@suse.de | finished in 1h37m0s |
| 2026-04-20 13:39 UTC | netfilter: flowtable_offload: propagate CT mark to hardware offload path | 1 | lorenzo@kernel.org | finished in 4h0m0s |
| 2026-04-20 10:58 UTC | bpf: add icmp_send_unreach kfunc | 4 | mahe.tardy@gmail.com | finished in 4h37m0s |
| 2026-04-19 15:57 UTC | json: output set/map element count | 1 | niklas.fiekas@backscattering.de | skipped |
| 2026-04-19 13:37 UTC | tests: shell: add test case for checkentry hook validations | 1 | fw@strlen.de | finished in 53m0s |
| 2026-04-19 10:45 UTC | netfilter: x_tables: add late validate callback for nft_compat sake | 1 | fw@strlen.de | finished in 4h17m0s |
| 2026-04-18 19:58 UTC | selftests: netfilter: conntrack_sctp_collision.sh: Introduce SCTP INIT collision test | 2 | yiche.cy@gmail.com | finished in 1h4m0s |
| 2026-04-18 16:30 UTC | netfilter: xt_TCPMSS: check skb_dst before path-MTU clamping | 1 | bestswngs@gmail.com | finished in 4h27m0s |
| 2026-04-18 10:06 UTC | netfilter: arp_tables: fix IEEE1394 ARP payload mangling | 2 | fw@strlen.de | finished in 4h3m0s |
| 2026-04-17 19:41 UTC | doc: note meta cgroup returns zero on cgroupv2-only hosts | 1 | avinashhd@protonmail.com | skipped |
| 2026-04-17 13:19 UTC | netfilter: arp_tables: fix IEEE1394 ARP payload mangling | 1 | fw@strlen.de | finished in 4h15m0s |