| Published | Title | Version | Author | Status |
|---|---|---|---|---|
| 2026-06-13 10:27 UTC | netfilter: xt_nat: bridge nft_compat rule can trigger NULL-deref | 1 | n05ec@lzu.edu.cn | in progress |
| 2026-06-12 09:22 UTC | netdevsim: add fake FT/CLS_FLOWER offload | 2 | fw@strlen.de | finished in 4h10m0s |
| 2026-06-11 12:52 UTC | parser_bison: Fix for bison < 3.6 | 2 | phil@nwl.cc | skipped |
| 2026-06-11 07:21 UTC | netfilter: xt_cluster: reject template conntracks in hash match | 1 | n05ec@lzu.edu.cn | finished in 4h52m0s |
| 2026-06-11 04:21 UTC | netfilter: nft_synproxy: stop bypassing the priv->info snapshot | 1 | runyu.xiao@seu.edu.cn | finished in 4h54m0s |
| 2026-06-10 16:16 UTC | Netfilter fixes for net | 1 | pablo@netfilter.org | finished in 4h34m0s |
| 2026-06-10 11:57 UTC | profiling: Include unistd.h to avoid compiler warnings | 1 | phil@nwl.cc | skipped |
| 2026-06-10 11:57 UTC | parser_bison: Fix for bison < 3.6 | 1 | phil@nwl.cc | skipped |
| 2026-06-10 10:39 UTC | netfilter: fix two remaining stale-stack register leaks | 2 | d.ornaghi97@gmail.com | finished in 4h27m0s |
| 2026-06-10 10:30 UTC | objopt: restrict NFCT_GOPT_IS_{S,D}PAT to supported layer 4 protocols | 1 | pablo@netfilter.org | skipped |
| 2026-06-09 22:55 UTC | netfilter: nf_log: validate MAC header was set before dumping it | 2 | xmei5@asu.edu | finished in 4h18m0s |
| 2026-06-09 22:18 UTC | netfilter: nf_dup_netdev: add nf_dev_xmit_recursion*() helpers and use them | 1 | pablo@netfilter.org | finished in 4h39m0s |
| 2026-06-09 21:32 UTC | netfilter: flowtable: bail out if forward path cannot be discovered | 1 | pablo@netfilter.org | finished in 2h25m0s |
| 2026-06-09 16:32 UTC | netfilter: fix two remaining stale-stack register leaks | 1 | d.ornaghi97@gmail.com | finished in 4h41m0s |
| 2026-06-09 07:27 UTC | netfilter: ipset fixes, second batch | 2 | kadlec@netfilter.org |
finished
in 4h47m0s
[8 findings] |
| 2026-06-08 22:56 UTC | ipvs: fix doc syntax for conn_max sysctl | 1 | ja@ssi.bg | finished in 2h9m0s |
| 2026-06-08 21:21 UTC | netfilter: conntrack: check NULL when calling nf_ct_ext_find() | 1 | pablo@netfilter.org | finished in 4h57m0s |
| 2026-06-08 17:06 UTC | netfilter: flowtable: use pskb_may_pull() in nf_flow_ip6_tunnel_proto() | 1 | lorenzo@kernel.org | finished in 4h21m0s |
| 2026-06-08 12:33 UTC | netfilter: flowtable: Validate iph->ihl in nf_flow_ip4_tunnel_proto() | 2 | lorenzo@kernel.org | finished in 4h19m0s |
| 2026-06-08 10:31 UTC | netfilter: nf_reject_ipv6: do not reject ICMPv6 Redirect with an ICMPv6 error | 1 | sayooj@aerlync.com | finished in 5h10m0s |
| 2026-06-08 09:54 UTC | net/netfilter/nfnetlink_cttimeout: Use strscpy() to copy strings into arrays | 1 | david.laight.linux@gmail.com | finished in 4h58m0s |
| 2026-06-08 05:43 UTC | bridge: br_netfilter: pin bridge device while NFQUEUE holds fake dst | 5 | n05ec@lzu.edu.cn | finished in 1h45m0s |
| 2026-06-08 00:11 UTC | netfilter: nf_log: validate MAC header was set before dumping it | 1 | xmei5@asu.edu | finished in 4h5m0s |
| 2026-06-07 16:44 UTC | netfilter: synproxy: fix unaligned access to TCP timestamp option | 1 | rosenp@gmail.com | finished in 4h24m0s |
| 2026-06-07 09:49 UTC | Netfilter/IPVS updates for net-next | 1 | pablo@netfilter.org | finished in 4h4m0s |
| 2026-06-06 20:26 UTC | net/netfilter/xt_recent: Use strscpy() to copy device name | 1 | david.laight.linux@gmail.com | finished in 4h44m0s |
| 2026-06-06 06:50 UTC | bridge: br_netfilter: pin bridge device while NFQUEUE holds fake dst | 4 | n05ec@lzu.edu.cn | finished in 1h1m0s |
| 2026-06-05 16:47 UTC | netfilter: flowtable: Validate iph->ihl in nf_flow_ip4_tunnel_proto() | 1 | lorenzo@kernel.org | finished in 4h19m0s |
| 2026-06-04 21:17 UTC | netfilter: flowtable: fix IP6IP6 tunnel offset double-count with vlan/pppoe encap | 1 | devnexen@gmail.com | finished in 4h49m0s |
| 2026-06-04 17:32 UTC | bridge: br_netfilter: pin bridge device while NFQUEUE holds fake dst | 3 | n05ec@lzu.edu.cn | finished in 4h20m0s |
| 2026-06-04 17:10 UTC | netfilter: nf_flow_table: separate tunnel route state from direct xmit | 1 | n05ec@lzu.edu.cn | finished in 4h27m0s |
| 2026-06-03 19:29 UTC | Eliminate variable declarations in switch cases | 1 | phil@nwl.cc | skipped |
| 2026-06-03 18:47 UTC | intervals: Fix for inconsistent union field use | 1 | phil@nwl.cc | skipped |
| 2026-06-03 07:38 UTC | netfilter: nf_conntrack: destroy stale expectfn expectations on unregister | 1 | bestswngs@gmail.com | finished in 4h25m0s |
| 2026-06-03 02:50 UTC | netfilter: flowtable: remove inline segmentation | 1 | qingfang.deng@linux.dev | finished in 3h59m0s |
| 2026-06-01 11:59 UTC | Netfilter/IPVS fixes for net | 1 | pablo@netfilter.org | finished in 4h41m0s |
| 2026-05-31 15:50 UTC | Add IPv4 over IPv6 and SIT flowtable SW acceleration | 3 | lorenzo@kernel.org | finished in 3h56m0s |
| 2026-05-28 22:34 UTC | netfilter: TCPMSS: fix dropped packets when MSS option is unaligned | 2 | kacper.kokot.44@gmail.com | finished in 1h16m0s |
| 2026-05-28 15:28 UTC | netfilter: nft_payload: validate offset for all csum_type paths | 2 | 25esihoya@gmail.com | finished in 1h6m0s |
| 2026-05-28 15:28 UTC | netfilter: nft_payload: validate offset for all csum_type paths | 2 | 25esihoya@gmail.com | finished in 1h6m0s |
| 2026-05-28 13:39 UTC | netfilter: nft_payload: move offset bounds check outside csum condition | 1 | 25esihoya@gmail.com | finished in 1h4m0s |
| 2026-05-28 11:09 UTC | netfilter: nft_ct: bail out on template ct in get eval | 2 | jiayuan.chen@linux.dev | finished in 4h51m0s |
| 2026-05-28 07:21 UTC | netfilter: ipvs: fix ct refcount leak when template is invalid | 1 | vulab@iscas.ac.cn |
finished
in 4h49m0s
[1 findings] |
| 2026-05-28 07:08 UTC | netfilter: flowtable: fix offloaded ct timeout never being extended | 2 | adibente@gmail.com | finished in 4h28m0s |
| 2026-05-27 13:57 UTC | netfilter: nft_tunnel: fix use-after-free on object destroy | 1 | tristmd@gmail.com | finished in 1h43m0s |
| 2026-05-27 08:18 UTC | ipvs: Replace use of system_unbound_wq with system_dfl_long_wq | 3 | marco.crivellari@suse.com | finished in 1h24m0s |
| 2026-05-26 16:40 UTC | add refcount to ct timeout/helper | 1 | pablo@netfilter.org | finished in 4h27m0s |
| 2026-05-26 06:01 UTC | netfilter: flowtable: fix offloaded ct timeout never being extended | 1 | adibente@gmail.com | finished in 4h2m0s |
| 2026-05-26 03:21 UTC | bridge: br_netfilter: move fake rtable off struct net_bridge | 2 | n05ec@lzu.edu.cn | finished in 4h9m0s |
| 2026-05-25 21:58 UTC | netfilter: nf_conntrack: use get_unaligned_be32() in tcp_sack() | 1 | rosenp@gmail.com | finished in 3h56m0s |
| 2026-05-25 20:11 UTC | netfilter: TCPMSS: fix dropped packets when MSS option is unaligned | 1 | kacper.kokot.44@gmail.com | finished in 4h9m0s |
| 2026-05-25 18:29 UTC | netfilter: updates for net-next | 1 | fw@strlen.de | finished in 4h8m0s |
| 2026-05-25 16:24 UTC | netfilter: flowtable: resolve LAG slave for direct HW offload | 1 | hurryman2212@gmail.com | finished in 4h45m0s |
| 2026-05-25 15:35 UTC | netfilter: nfnetlink_osf: fix mss parsing on big-endian architectures | 1 | fmancera@suse.de | finished in 1h3m0s |
| 2026-05-25 04:07 UTC | ipvs: clear the svc scheduler ptr early on edit | 1 | ja@ssi.bg | finished in 4h1m0s |
| 2026-05-25 03:54 UTC | ipvs: add conn_max sysctl to limit connections | 3 | ja@ssi.bg | finished in 4h4m0s |
| 2026-05-23 17:27 UTC | ipvs: add conn_max sysctl to limit connections | 2 | ja@ssi.bg | finished in 4h7m0s |
| 2026-05-23 15:26 UTC | netfilter: flowtable: avoid num_encaps underflow on bridge VLAN untag | 1 | devnexen@gmail.com | finished in 1h42m0s |
| 2026-05-23 13:15 UTC | netfilter: ipset fixes, second batch | 1 | kadlec@netfilter.org | finished in 4h9m0s |
| 2026-05-22 10:55 UTC | ipvs: add conn_max sysctl to limit connections | 1 | ja@ssi.bg | finished in 4h26m0s |
| 2026-05-22 10:47 UTC | netfilter: xt_NFQUEUE: prefer raw_smp_processor_id | 1 | fmancera@suse.de | finished in 4h26m0s |
| 2026-05-22 10:42 UTC | netfilter: updates for net | 1 | fw@strlen.de | finished in 4h42m0s |
| 2026-05-20 02:34 UTC | netfilter: nft_fib_ipv6: handle routes via external nexthop | 2 | jiayuan.chen@linux.dev | finished in 4h25m0s |
| 2026-05-19 21:38 UTC | netfilter: nfnetlink_cthelper: use {READ,WRITE}_ONCE for accessing helper flags | 1 | pablo@netfilter.org |
finished
in 4h26m0s
[1 findings] |
| 2026-05-19 21:23 UTC | netfilter: nf_conntrack_irc: fix parse_dcc() off-by-one OOB read | 1 | meatuni001@gmail.com | finished in 1h40m0s |
| 2026-05-19 19:36 UTC | netfilter: synproxy: refresh tcphdr after skb_ensure_writable | 1 | clm@meta.com | finished in 4h5m0s |
| 2026-05-19 04:14 UTC | netfilter: nft_fib_ipv6: handle routes via external nexthop | 1 | jiayuan.chen@linux.dev | finished in 4h10m0s |
| 2026-05-19 01:55 UTC | ipvs: Use flexible array for MH lookup table | 1 | rosenp@gmail.com | finished in 2h4m0s |
| 2026-05-17 23:49 UTC | xfrm: validate IPv4 header length before output transforms | 1 | michael.bommarito@gmail.com | finished in 4h1m0s |
| 2026-05-17 14:50 UTC | netfilter: ipset: preserve comment lifetime across resize and gc expiry | 2 | n05ec@lzu.edu.cn | finished in 4h9m0s |
| 2026-05-17 11:37 UTC | netfilter: nf_dup: preserve socket ownership on egress duplicates | 1 | n05ec@lzu.edu.cn | finished in 2h18m0s |
| 2026-05-16 15:23 UTC | netfilter: disable payload mangling in userns | 1 | tpluszz77@gmail.com | finished in 4h1m0s |
| 2026-05-16 11:56 UTC | Netfilter/IPVS fixes for net | 1 | pablo@netfilter.org | finished in 4h2m0s |
| 2026-05-15 13:51 UTC | net: Replace system_unbound_wq with system_dfl_wq | 2 | marco.crivellari@suse.com | finished in 1h59m0s |
| 2026-05-15 03:19 UTC | netfilter: nf_queue: hold bridge skb->dev while queued | 2 | n05ec@lzu.edu.cn | finished in 4h18m0s |
| 2026-05-14 14:46 UTC | net: neigh: Reallocate headroom if necessary in neigh_hh_bridge() | 4 | lorenzo@kernel.org | finished in 4h32m0s |
| 2026-05-14 14:16 UTC | netfilter: nf_conncount: prevent connlimit drops for early confirmed ct | 2 | fmancera@suse.de | finished in 4h24m0s |
| 2026-05-14 08:55 UTC | netfilter: ipset fixes | 7 | kadlec@netfilter.org |
finished
in 4h50m0s
[3 findings] |
| 2026-05-14 04:05 UTC | netfilter: xt_IDLETIMER: scope timer reuse to the owning netns | 1 | n05ec@lzu.edu.cn | finished in 4h29m0s |
| 2026-05-14 03:48 UTC | bridge: br_netfilter: give fake rtable its own lifetime | 1 | n05ec@lzu.edu.cn | finished in 4h38m0s |
| 2026-05-13 16:40 UTC | net: neigh: Reallocate headroom if necessary in neigh_hh_bridge() | 3 | lorenzo@kernel.org | finished in 4h30m0s |
| 2026-05-13 12:15 UTC | netfilter: nf_conncount: prevent connlimit drops for early confirmed ct | 1 | fmancera@suse.de | finished in 4h33m0s |
| 2026-05-13 07:57 UTC | netfilter: ip6t_hbh: reject oversized option lists | 1 | n05ec@lzu.edu.cn | finished in 4h58m0s |
| 2026-05-13 05:54 UTC | netfilter: ipset: fix comment extension lifetime during hash resize | 1 | n05ec@lzu.edu.cn | finished in 4h52m0s |
| 2026-05-13 01:33 UTC | net: pppoe: implement GRO/GSO support | 10 | qingfang.deng@linux.dev | finished in 4h52m0s |
| 2026-05-12 22:44 UTC | netfilter: nf_queue: hold reference on skb->dev | 1 | pablo@netfilter.org | finished in 4h36m0s |
| 2026-05-12 21:55 UTC | netfilter: nf_conntrack_proto_tcp: fix typos in comments | 1 | avinash.duduskar@gmail.com | finished in 1h32m0s |
| 2026-05-12 20:58 UTC | netfilter: conntrack: add dead flag to helpers | 1 | pablo@netfilter.org | finished in 5h9m0s |
| 2026-05-12 20:51 UTC | ipv4: harden against ihl < 5 IP_HDRINCL packets | 1 | michael.bommarito@gmail.com | finished in 4h34m0s |
| 2026-05-12 10:34 UTC | selftests: netfilter: Add bridge_fastpath.sh | 5 | ericwouds@gmail.com | finished in 2h9m0s |
| 2026-05-12 10:33 UTC | conntrack: bridge: add double vlan, pppoe and pppoe-in-q | 20 | ericwouds@gmail.com | finished in 4h38m0s |
| 2026-05-12 07:57 UTC | netfilter: nf_queue: hold bridge skb->dev while queued | 1 | n05ec@lzu.edu.cn | finished in 4h33m0s |
| 2026-05-11 20:06 UTC | cache: honor -c/--check for reset commands | 1 | pablo@netfilter.org | skipped |
| 2026-05-11 17:30 UTC | netfilter: nft_inner: Fix IPv6 inner_thoff desync | 2 | zhaoyz24@mails.tsinghua.edu.cn | finished in 5h16m0s |
| 2026-05-11 15:57 UTC | net: neigh: Reallocate headroom if necessary in neigh_hh_bridge() | 2 | lorenzo@kernel.org | finished in 4h27m0s |
| 2026-05-11 14:43 UTC | netfilter: conntrack: tcp: do not force CLOSE on invalid-seq RST without direction check | 1 | hamzamahfooz@linux.microsoft.com | finished in 4h42m0s |
| 2026-05-11 14:37 UTC | netfilter: nf_tables: fix dst corruption in same register operation | 4 | fmancera@suse.de | finished in 4h44m0s |
| 2026-05-11 13:47 UTC | net: Replace system_unbound_wq with system_dfl_wq | 1 | marco.crivellari@suse.com | finished in 1h51m0s |
| 2026-05-11 13:37 UTC | netfilter: nft_inner: Fix IPv6 inner_thoff desync | 2 | zhaoyz24@mails.tsinghua.edu.cn | finished in 4h48m0s |
| 2026-05-10 13:19 UTC | netfilter: nft_inner: Fix IPv6 inner_thoff desync | 1 | zhaoyz24@mails.tsinghua.edu.cn | finished in 4h8m0s |