CVE-2026-23412
HIGH EPSS 1.9%
Published Apr 2, 20262mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
Published Apr 2, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memory release until rcu readers are done Yiming Qian reports UaF when concurrent process is dumping hooks via nfnetlink_hooks: BUG: KASAN: slab-use-after-free in nfnl_hook_dump_one.isra.0+0xe71/0x10f0 Read of size 8 at addr ffff888003edbf88 by task poc/79 Call Trace: <TASK> nfnl_hook_dump_one.isra.0+0xe71/0x10f0 netlink_dump+0x554/0x12b0 nfnl_hook_get+0x176/0x230 [..] Defer release until after concurrent readers have completed.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
1.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 12
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥6.4.1 – <6.6.130 |
| linux | linux_kernel | * | ≥6.7 – <6.12.78 |
| linux | linux_kernel | * | ≥6.13 – <6.18.20 |
| linux | linux_kernel | * | ≥6.19 – <6.19.10 |
| linux | linux_kernel | 6.4 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
References 5
- git.kernel.org https://git.kernel.org/stable/c/24f90fa3994b992d1a09003a3db2599330a5232a
- git.kernel.org https://git.kernel.org/stable/c/54244d54a971c26a0cd0a9073460ff71f3c51b32
- git.kernel.org https://git.kernel.org/stable/c/c25e0dec366ae99b7264324ce3c7cbaea34691f9
- git.kernel.org https://git.kernel.org/stable/c/cb2bf5efdb02a2a59faf603604a1066e8266f349
- git.kernel.org https://git.kernel.org/stable/c/d016c216bc75c45128160593a77b864a04dbe7c0
Remediation
- git.kernel.org https://git.kernel.org/stable/c/24f90fa3994b992d1a09003a3db2599330a5232a
- git.kernel.org https://git.kernel.org/stable/c/54244d54a971c26a0cd0a9073460ff71f3c51b32
- git.kernel.org https://git.kernel.org/stable/c/c25e0dec366ae99b7264324ce3c7cbaea34691f9
- git.kernel.org https://git.kernel.org/stable/c/cb2bf5efdb02a2a59faf603604a1066e8266f349
- git.kernel.org https://git.kernel.org/stable/c/d016c216bc75c45128160593a77b864a04dbe7c0