CVE-2026-23391

HIGH EPSS 2.4%
Published Mar 25, 20263mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Mar 25, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are sitting in nfqueue refer to: - helper, this can be an issue on module removal. - timeout policy, nfnetlink_cttimeout might remove it. The use of templates with zone and event cache filter are safe, since this just copies values. Flush these enqueued packets in case the template rule gets removed.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 15

VendorProductVersionRange
linuxlinux_kernel*≥3.4.1  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.167
linuxlinux_kernel*≥6.2  –  <6.6.130
linuxlinux_kernel*≥6.7  –  <6.12.78
linuxlinux_kernel*≥6.13  –  <6.18.20
linuxlinux_kernel*≥6.19  –  <6.19.10
linuxlinux_kernel3.4any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/19a230dec6bb8928e3f96387f9085cf2c79bcef9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/55445134d42b84cb0a272e42c98d233ca65eca83
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/63b8097cea1923fe82cd598068d0796da8c015ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/777d02efe3d630cca4c1b63962cec17c57711325
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cb549925875fa06dd155e49db4ac2c5044c30f9c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cc57506dd66555899560b9c0f24e813f034e12ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d2d0bae0c9a2a17b6990a2966f5cdce0813d6256
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f62a218a946b19bb59abdd5361da85fa4606b96b
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/19a230dec6bb8928e3f96387f9085cf2c79bcef9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/55445134d42b84cb0a272e42c98d233ca65eca83
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/63b8097cea1923fe82cd598068d0796da8c015ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/777d02efe3d630cca4c1b63962cec17c57711325
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cb549925875fa06dd155e49db4ac2c5044c30f9c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cc57506dd66555899560b9c0f24e813f034e12ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d2d0bae0c9a2a17b6990a2966f5cdce0813d6256
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f62a218a946b19bb59abdd5361da85fa4606b96b
    Patch