CVE-2026-23351 — Expired Pointer Dereference in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 98.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
Yiming Qian reports Use-after-free in the pipapo set type:
Under a large number of expired elements, commit-time GC can run for a very
long time in a non-preemptible context, triggering soft lockup warnings and
RCU stall reports (local denial of service).
We must split GC in an unlink and a reclaim phase.
We cannot queue elements for freeing until pointers hav…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages5 packages
▶CVEListV5linux/linux3c4287f62044a90e73a561aa05fc46e62da173da — 16f3595c0441d87dfa005c47d8f95be213afaa9e+6
🔴Vulnerability Details
4OSV▶
CVE-2026-23351: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase Yiming Qian repo↗2026-03-25
GHSA▶
GHSA-42q3-4jmh-pwqx: In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
Yiming Qian re↗2026-03-25