CVE-2026-45897

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: nft_counter: serialize reset with spinlock<br /> <br /> Add a global static spinlock to serialize counter fetch+reset<br /> operations, preventing concurrent dump-and-reset from underrunning<br /> values.<br /> <br /> The lock is taken before fetching the total so that two parallel<br /> resets cannot both read the same counter values and then both<br /> subtract them.<br /> <br /> A global lock is used for simplicity since resets are infrequent.<br /> If this becomes a bottleneck, it can be replaced with a per-net<br /> lock later.