CVE-2026-23111

CWE-416Use After FreeCWE-67230 documents9 sources
Severity
7.8HIGH
EPSS
0.0%
top 96.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux LinuxLinux Linux Kernel
Timeline
PublishedFeb 13
Latest updateApr 14

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically required. nft_map_catchall_activate() is called from the abort path to re-activate catchall map elements that were deactivated during a failed transaction. It should skip elements that

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages23 packages

NVDlinux/linux_kernel4.19.3164.20+10
CVEListV5linux/linux25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f88c760ba4e36c750379d13569f23f5a6e185333f5+10
Debianlinux< 6.1.164-1+2
Ubuntulinux< 6.8.0-107.107+1
Debianlinux-6.1< 6.1.164-1~deb11u1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

8
OSV
linux-realtime-6.17 vulnerabilities2026-04-06
OSV
linux, linux-aws, linux-aws-6.17, linux-gcp, linux-gcp-6.17, linux-hwe-6.17, linux-realtime vulnerabilities2026-04-02
OSV
linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-ibm, linux-lowlatency, linux-nvidia, linux-raspi vulnerabilities2026-04-02
OSV
linux-realtime, linux-realtime-6.8, linux-raspi-realtime vulnerabilities2026-04-02
OSV
linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities2026-04-02

📋Vendor Advisories

19
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-14
Ubuntu
Kernel Live Patch Security Notice2026-04-13
Ubuntu
Linux kernel (Azure) vulnerabilities2026-04-13
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-04-09

🕵️Threat Intelligence

1
Wiz
CVE-2026-23111 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

1
Bugzilla
CVE-2026-23111 kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check2026-02-13
CVE-2026-23111 (HIGH CVSS 7.8) | In the Linux kernel | cvebase.io