| Published | Title | Version | Author | Status |
|---|---|---|---|---|
| 2026-06-26 22:25 UTC | netfilter: x_tables: replace strlcat() with snprintf() | 1 | icb@fastmail.org | skipped |
| 2026-06-26 12:31 UTC | netfilter: conntrack: remove obsolete module parameters | 1 | fw@strlen.de |
finished
in 1h26m0s
[1 findings] |
| 2026-06-26 11:40 UTC | netfilter: nfnetlink_cthelper: cap to maximum number of expectation per master | 1 | pablo@netfilter.org | finished in 4h12m0s |
| 2026-06-26 11:24 UTC | netfilter: nf_conntrack_sip: validate skb_dst() before accessing it | 1 | pablo@netfilter.org | finished in 2h40m0s |
| 2026-06-26 06:49 UTC | netfilter: nf_conntrack_sip: guard against missing skb dst | 1 | n05ec@lzu.edu.cn | finished in 2h9m0s |
| 2026-06-25 17:25 UTC | netfilter: replace u_int*_t with kernel int types (batch 2) | 2 | carlos@carlosgrillet.me | skipped |
| 2026-06-25 13:31 UTC | netfilter: remove redundant null check before kvfree() | 1 | subasris1210@gmail.com | skipped |
| 2026-06-25 12:28 UTC | netfilter: nft_fib: reject fib expression on the netdev egress hook | 1 | theodorlarionov@gmail.com | finished in 4h14m0s |
| 2026-06-25 01:00 UTC | netfilter: ipset: fix race between dump and ip_set_list resize | 1 | xmei5@asu.edu | finished in 4h33m0s |
| 2026-06-25 00:13 UTC | netfilter: nf_conntrack_expect: zero at allocation time | 1 | fw@strlen.de | finished in 4h20m0s |
| 2026-06-24 18:40 UTC | netfilter: replace u_int*_t with kernel int types (batch 2) | 1 | carlos@carlosgrillet.me | skipped |
| 2026-06-24 16:12 UTC | tests: shell: add tunnel vxlan test | 1 | fw@strlen.de | skipped |
| 2026-06-23 22:15 UTC | Netfilter fixes for net | 1 | pablo@netfilter.org | finished in 4h1m0s |
| 2026-06-23 05:30 UTC | netfilter: nft_ct: expectation timeouts are passed in milliseconds | 1 | fw@strlen.de | finished in 4h13m0s |
| 2026-06-23 04:37 UTC | libmnl: add MNL_TYPE_UARR for devlink u64 array attributes | 1 | rkannoth@marvell.com | skipped |
| 2026-06-22 19:49 UTC | netfilter: nf_conntrack_helper: cap maximum number of expectation at helper registration | 1 | pablo@netfilter.org | skipped |
| 2026-06-22 19:36 UTC | netfilter: nf_conntrack_expect: store master_tuple in expectation | 1 | pablo@netfilter.org | skipped |
| 2026-06-22 19:36 UTC | netfilter: nf_conntrack_expect: run expectation eviction with no helper | 1 | pablo@netfilter.org | finished in 4h31m0s |
| 2026-06-22 12:05 UTC | bpf: add icmp_send kfunc | 8 | mahe.tardy@gmail.com | finished in 4h6m0s |
| 2026-06-22 11:57 UTC | netfilter: ctnetlink: do not allow to reset helper on existing conntrack | 1 | pablo@netfilter.org | finished in 4h4m0s |
| 2026-06-21 18:49 UTC | netfilter: TCPMSS: handle packets with unaligned MSS option | 3 | kacper.kokot.44@gmail.com | finished in 4h2m0s |
| 2026-06-20 08:37 UTC | minor spelling and grammar fixes in doc | 1 | pritt1999@gmail.com | skipped |
| 2026-06-19 11:54 UTC | Netfilter fixes for net | 1 | pablo@netfilter.org | finished in 4h19m0s |
| 2026-06-18 22:34 UTC | netfilter: nft_meta_bridge: fix NFT_META_BRI_IIFPVID stack leak | 1 | fw@strlen.de | finished in 4h7m0s |
| 2026-06-18 16:31 UTC | netfilter: nf_conntrack_expect: store master_tuple in expectation | 1 | pablo@netfilter.org | skipped |
| 2026-06-18 12:58 UTC | netfilter: ip6t_ah: validate AH header length | 1 | running910@gmail.com | finished in 4h13m0s |
| 2026-06-18 11:17 UTC | tests: shell: Run tests with a fixed TZ | 1 | phil@nwl.cc | skipped |
| 2026-06-18 10:18 UTC | bpf: Guard conntrack opts error writes | 2 | chenyy23@mails.tsinghua.edu.cn | finished in 1h7m0s |
| 2026-06-18 08:49 UTC | netfilter: nf_reject: skip iphdr options when looking for icmp header | 1 | fw@strlen.de | finished in 4h41m0s |
| 2026-06-18 06:25 UTC | netfilter: nft_flow_offload: zero device address for non-ether case | 1 | fw@strlen.de | finished in 2h0m0s |
| 2026-06-18 06:16 UTC | netfilter: nft_meta_bridge: add validate callback for get operations | 1 | fw@strlen.de | finished in 4h13m0s |
| 2026-06-18 04:58 UTC | netfilter: nft_payload: reject offsets exceeding 65535 bytes | 1 | fw@strlen.de | finished in 4h8m0s |
| 2026-06-17 17:06 UTC | netfilter: nf_flow_table: separate tunnel route state from direct xmit | 2 | n05ec@lzu.edu.cn | finished in 4h35m0s |
| 2026-06-17 08:41 UTC | netfilter: ipset fixes, second batch | 3 | kadlec@netfilter.org |
finished
in 4h21m0s
[3 findings] |
| 2026-06-16 19:19 UTC | netfilter: nft_set_pipapo: don't leak bad clone into future transaction | 1 | fw@strlen.de | finished in 4h56m0s |
| 2026-06-16 19:16 UTC | netfilter: nfnetlink: make OOM conditions fatal | 1 | fw@strlen.de | finished in 4h36m0s |
| 2026-06-16 18:29 UTC | netfilter: replace u_int*_t with kernel int types | 3 | carlos@carlosgrillet.me | finished in 1h40m0s |
| 2026-06-16 05:42 UTC | bpf: Guard conntrack opts error writes | 1 | chenyy23@mails.tsinghua.edu.cn | finished in 55m0s |
| 2026-06-15 18:10 UTC | netfilter: nft_compat: ebtables emulation must reject non-bridge targets | 1 | fw@strlen.de | finished in 4h26m0s |
| 2026-06-15 13:38 UTC | netfilter: replace u_int*_t with kernel int types | 2 | carlos@carlosgrillet.me | finished in 1h56m0s |
| 2026-06-15 09:18 UTC | netfilter: flowtable: fix and simplify IP6IP6 tunnel handling | 2 | lorenzo@kernel.org | finished in 4h24m0s |
| 2026-06-14 11:45 UTC | Netfilter/IPVS updates for net-next | 1 | pablo@netfilter.org | finished in 4h0m0s |
| 2026-06-14 05:25 UTC | netfilter: x_tables.h: fix all kernel-doc warnings | 1 | rdunlap@infradead.org | finished in 1h34m0s |
| 2026-06-14 05:24 UTC | kdoc: xforms_lists: handle DECLARE_PER_CPU() in kernel-doc | 1 | rdunlap@infradead.org | finished in 1h24m0s |
| 2026-06-13 10:27 UTC | netfilter: xt_nat: bridge nft_compat rule can trigger NULL-deref | 1 | n05ec@lzu.edu.cn | finished in 4h42m0s |
| 2026-06-12 09:22 UTC | netdevsim: add fake FT/CLS_FLOWER offload | 2 | fw@strlen.de | finished in 4h10m0s |
| 2026-06-12 06:03 UTC | netfilter: conntrack: add deprecation warnings for irc and pptp trackers | 1 | fw@strlen.de | finished in 4h56m0s |
| 2026-06-11 14:50 UTC | selftests: netfilter: conntrack_sctp_collision.sh: Introduce SCTP INIT collision test | 3 | fw@strlen.de | finished in 1h43m0s |
| 2026-06-11 12:52 UTC | parser_bison: Fix for bison < 3.6 | 2 | phil@nwl.cc | skipped |
| 2026-06-11 07:21 UTC | netfilter: xt_cluster: reject template conntracks in hash match | 1 | n05ec@lzu.edu.cn | finished in 4h52m0s |
| 2026-06-11 04:21 UTC | netfilter: nft_synproxy: stop bypassing the priv->info snapshot | 1 | runyu.xiao@seu.edu.cn | finished in 4h54m0s |
| 2026-06-10 17:58 UTC | netdevsim: add fake FT/CLS_FLOWER offload | 1 | fw@strlen.de | finished in 5h16m0s |
| 2026-06-10 16:16 UTC | Netfilter fixes for net | 1 | pablo@netfilter.org | finished in 4h34m0s |
| 2026-06-10 11:57 UTC | profiling: Include unistd.h to avoid compiler warnings | 1 | phil@nwl.cc | skipped |
| 2026-06-10 11:57 UTC | parser_bison: Fix for bison < 3.6 | 1 | phil@nwl.cc | skipped |
| 2026-06-10 10:39 UTC | netfilter: fix two remaining stale-stack register leaks | 2 | d.ornaghi97@gmail.com | finished in 4h27m0s |
| 2026-06-10 10:30 UTC | objopt: restrict NFCT_GOPT_IS_{S,D}PAT to supported layer 4 protocols | 1 | pablo@netfilter.org | skipped |
| 2026-06-10 03:02 UTC | netfilter: ebtables: bound num_counters like nentries in do_replace() | 1 | jiayuan.chen@linux.dev | finished in 5h1m0s |
| 2026-06-09 22:55 UTC | netfilter: nf_log: validate MAC header was set before dumping it | 2 | xmei5@asu.edu | finished in 4h18m0s |
| 2026-06-09 22:18 UTC | netfilter: nf_dup_netdev: add nf_dev_xmit_recursion*() helpers and use them | 1 | pablo@netfilter.org | finished in 4h39m0s |
| 2026-06-09 21:32 UTC | netfilter: flowtable: bail out if forward path cannot be discovered | 1 | pablo@netfilter.org | finished in 2h25m0s |
| 2026-06-09 19:28 UTC | netfilter: nft_exthdr: fix register tracking for F_PRESENT flag | 3 | fw@strlen.de | finished in 4h47m0s |
| 2026-06-09 19:14 UTC | netfilter: nft_exthdr: fix register tracking for F_PRESENT flag | 2 | fw@strlen.de | finished in 4h34m0s |
| 2026-06-09 16:32 UTC | netfilter: fix two remaining stale-stack register leaks | 1 | d.ornaghi97@gmail.com | finished in 4h41m0s |
| 2026-06-09 14:28 UTC | net: dummy: add phony ndo_setup_tc stub | 1 | fw@strlen.de | finished in 5h3m0s |
| 2026-06-09 11:51 UTC | netfilter: add restrictions/validations for packet rewrite | 3 | fw@strlen.de | finished in 4h55m0s |
| 2026-06-09 07:27 UTC | netfilter: ipset fixes, second batch | 2 | kadlec@netfilter.org |
finished
in 4h47m0s
[8 findings] |
| 2026-06-08 22:56 UTC | ipvs: fix doc syntax for conn_max sysctl | 1 | ja@ssi.bg | finished in 2h9m0s |
| 2026-06-08 21:21 UTC | netfilter: conntrack: check NULL when calling nf_ct_ext_find() | 1 | pablo@netfilter.org | finished in 4h57m0s |
| 2026-06-08 17:06 UTC | netfilter: flowtable: use pskb_may_pull() in nf_flow_ip6_tunnel_proto() | 1 | lorenzo@kernel.org | finished in 4h21m0s |
| 2026-06-08 15:23 UTC | netfilter: add restrictions/validations for packet rewrite | 2 | fw@strlen.de | finished in 4h20m0s |
| 2026-06-08 12:33 UTC | netfilter: flowtable: Validate iph->ihl in nf_flow_ip4_tunnel_proto() | 2 | lorenzo@kernel.org | finished in 4h19m0s |
| 2026-06-08 10:31 UTC | netfilter: nf_reject_ipv6: do not reject ICMPv6 Redirect with an ICMPv6 error | 1 | sayooj@aerlync.com | finished in 5h10m0s |
| 2026-06-08 09:54 UTC | net/netfilter/nfnetlink_cttimeout: Use strscpy() to copy strings into arrays | 1 | david.laight.linux@gmail.com | finished in 4h58m0s |
| 2026-06-08 05:43 UTC | bridge: br_netfilter: pin bridge device while NFQUEUE holds fake dst | 5 | n05ec@lzu.edu.cn | finished in 1h45m0s |
| 2026-06-08 00:11 UTC | netfilter: nf_log: validate MAC header was set before dumping it | 1 | xmei5@asu.edu | finished in 4h5m0s |
| 2026-06-07 16:44 UTC | netfilter: synproxy: fix unaligned access to TCP timestamp option | 1 | rosenp@gmail.com | finished in 4h24m0s |
| 2026-06-07 09:49 UTC | Netfilter/IPVS updates for net-next | 1 | pablo@netfilter.org | finished in 4h4m0s |
| 2026-06-06 20:26 UTC | net/netfilter/xt_recent: Use strscpy() to copy device name | 1 | david.laight.linux@gmail.com | finished in 4h44m0s |
| 2026-06-06 06:50 UTC | bridge: br_netfilter: pin bridge device while NFQUEUE holds fake dst | 4 | n05ec@lzu.edu.cn | finished in 1h1m0s |
| 2026-06-05 16:47 UTC | netfilter: flowtable: Validate iph->ihl in nf_flow_ip4_tunnel_proto() | 1 | lorenzo@kernel.org | finished in 4h19m0s |
| 2026-06-05 14:44 UTC | netfilter: add restrictions/validations for packet rewrite | 1 | fw@strlen.de | finished in 4h30m0s |
| 2026-06-05 13:11 UTC | netfilter: nf_conncount: fix gc and rbtree bugs | 4 | fw@strlen.de | finished in 1h30m0s |
| 2026-06-05 11:47 UTC | netfilter: nf_tables_offload: drop device refcount on error | 1 | fw@strlen.de | finished in 1h59m0s |
| 2026-06-04 21:17 UTC | netfilter: flowtable: fix IP6IP6 tunnel offset double-count with vlan/pppoe encap | 1 | devnexen@gmail.com | finished in 4h49m0s |
| 2026-06-04 17:32 UTC | bridge: br_netfilter: pin bridge device while NFQUEUE holds fake dst | 3 | n05ec@lzu.edu.cn | finished in 4h20m0s |
| 2026-06-04 17:10 UTC | netfilter: nf_flow_table: separate tunnel route state from direct xmit | 1 | n05ec@lzu.edu.cn | finished in 4h27m0s |
| 2026-06-04 15:03 UTC | netfilter: nf_conncount: fix gc and rbtree bugs | 3 | fw@strlen.de | finished in 1h28m0s |
| 2026-06-03 23:06 UTC | netfilter: nf_conncount: fix gc and | 2 | fw@strlen.de | finished in 1h16m0s |
| 2026-06-03 19:29 UTC | Eliminate variable declarations in switch cases | 1 | phil@nwl.cc | skipped |
| 2026-06-03 18:47 UTC | intervals: Fix for inconsistent union field use | 1 | phil@nwl.cc | skipped |
| 2026-06-03 11:24 UTC | netfilter: nf_conncount: misc bug fixes | 1 | fw@strlen.de | finished in 1h28m0s |
| 2026-06-03 07:38 UTC | netfilter: nf_conntrack: destroy stale expectfn expectations on unregister | 1 | bestswngs@gmail.com | finished in 4h25m0s |
| 2026-06-03 02:50 UTC | netfilter: flowtable: remove inline segmentation | 1 | qingfang.deng@linux.dev | finished in 3h59m0s |
| 2026-06-02 15:04 UTC | netfilter: nf_queue: reinject must revalidate bridge ports | 1 | fw@strlen.de | finished in 4h56m0s |
| 2026-06-02 13:31 UTC | selftests: nft_queue.sh: add a bridge queue test | 1 | fw@strlen.de | finished in 1h18m0s |
| 2026-06-02 13:07 UTC | tests: shell: packetpath/ct_count: Add missing socat feature test | 1 | phil@nwl.cc | skipped |
| 2026-06-02 12:34 UTC | conntrackd: remove redundant retry checks | 1 | ozhigov_dv@mail.ru | skipped |
| 2026-06-01 11:59 UTC | Netfilter/IPVS fixes for net | 1 | pablo@netfilter.org | finished in 4h41m0s |
| 2026-06-01 09:50 UTC | netfilter: bridge: ebt_redirect: don't assume bridge port exists | 1 | fw@strlen.de | finished in 2h52m0s |