CVE-2026-23399

MEDIUM EPSS 2.2%
Published Mar 28, 20263mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Mar 28, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFP_ATOMIC fails, then the first stateful expression remains in place without being released.   unreferenced object (percpu) 0x607b97e9cab8 (size 16):     comm "softirq", pid 0, jiffies 4294931867     hex dump (first 16 bytes on cpu 3):       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     backtrace (crc 0):       pcpu_alloc_noprof+0x453/0xd80       nft_counter_clone+0x9c/0x190 [nf_tables]       nft_expr_clone+0x8f/0x1b0 [nf_tables]       nft_dynset_new+0x2cb/0x5f0 [nf_tables]       nft_rhash_update+0x236/0x11c0 [nf_tables]       nft_dynset_eval+0x11f/0x670 [nf_tables]       nft_do_chain+0x253/0x1700 [nf_tables]       nft_do_chain_ipv4+0x18d/0x270 [nf_tables]       nf_hook_slow+0xaa/0x1e0       ip_local_deliver+0x209/0x330

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥5.11.1  –  <6.12.78
linuxlinux_kernel*≥6.13  –  <6.18.20
linuxlinux_kernel*≥6.19  –  <6.19.10
linuxlinux_kernel5.11any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/0548a13b5a145b16e4da0628b5936baf35f51b43
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/31641c682db73353e4647e40735c7f2a75ff58ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4357dbb1d9c35ca0b4443d71c98a48e6666f7689
  • git.kernel.org https://git.kernel.org/stable/c/c88a9fd26cee365bec932196f76175772a941cca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d1354873cbe3b344899c4311ac05897fd83e3f21
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e6661add2d9c6913e1dad97336595e23a2bed195
  • git.kernel.org https://git.kernel.org/stable/c/eb7bf413e59945df03d4567b73ce464eebe2f4ea

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0548a13b5a145b16e4da0628b5936baf35f51b43
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/31641c682db73353e4647e40735c7f2a75ff58ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c88a9fd26cee365bec932196f76175772a941cca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d1354873cbe3b344899c4311ac05897fd83e3f21
    Patch