CVE-2026-23399
Published: Mar 28, 2026
Modified: Jun 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFP_ATOMIC fails, then the first stateful expression remains in place without being released. unreferenced object (percpu) 0x607b97e9cab8 (size 16): comm "softirq", pid 0, jiffies 4294931867 hex dump (first 16 bytes on cpu 3): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 backtrace (crc 0): pcpu_alloc_noprof+0x453/0xd80 nft_counter_clone+0x9c/0x190 [nf_tables] nft_expr_clone+0x8f/0x1b0 [nf_tables] nft_dynset_new+0x2cb/0x5f0 [nf_tables] nft_rhash_update+0x236/0x11c0 [nf_tables] nft_dynset_eval+0x11f/0x670 [nf_tables] nft_do_chain+0x253/0x1700 [nf_tables] nft_do_chain_ipv4+0x18d/0x270 [nf_tables] nf_hook_slow+0xaa/0x1e0 ip_local_deliver+0x209/0x330
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 563125a73ac30d7036ae69ca35c40500562c1de4 - < eb7bf413e59945df03d4567b73ce464eebe2f4eaaffected 563125a73ac30d7036ae69ca35c40500562c1de4 - < 4357dbb1d9c35ca0b4443d71c98a48e6666f7689affected 563125a73ac30d7036ae69ca35c40500562c1de4 - < e6661add2d9c6913e1dad97336595e23a2bed195affected 563125a73ac30d7036ae69ca35c40500562c1de4 - < d1354873cbe3b344899c4311ac05897fd83e3f21affected 563125a73ac30d7036ae69ca35c40500562c1de4 - < 31641c682db73353e4647e40735c7f2a75ff58ef+2 more versions |
Linux | Linux | affected 5.11unaffected 0 - < 5.11unaffected 5.15.209 - <= 5.15.*unaffected 6.1.175 - <= 6.1.*unaffected 6.6.136 - <= 6.6.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now