CVE-2026-23333 — Improper Validation of Consistency within Input in Linux
Severity
5.5MEDIUM
No vectorEPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 25
Description
netfilter: nft_set_rbtree: validate open interval overlap
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: validate open interval overlap
Open intervals do not have an end element, in particular an open
interval at the end of the set is hard to validate because of it is
lacking the end element, and interval validation relies on such end
element to perform the checks.
This patch adds a new flag field to struct nft_set_elem, this is not an
issue be…
Affected Packages2 packages
▶CVEListV5linux/linux7c84d41416d836ef7e533bd4d64ccbdf40c5ac70 — 648946966a08e4cb1a71619e3d1b12bd7642de7b+1
🔴Vulnerability Details
5OSV▶
CVE-2026-23333: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: validate open interval overlap [ Upstream commit 648946↗2026-03-25
OSV▶
CVE-2026-23333: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: validate open interval overlap Open intervals do not ha↗2026-03-25
GHSA▶
GHSA-cjvf-cwjj-wrgm: In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_rbtree: validate open interval overlap
[ Upstream commit 6489↗2026-03-25
📋Vendor Advisories
3🕵️Threat Intelligence
1💬Community
1Bugzilla
▶