CVE-2026-23385 — Allocation of Resources Without Limits or Throttling in Linux

CWE-770 — Allocation of Resources Without Limits or Throttling7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 94.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clone set on flush only Syzbot with fault injection triggered a failing memory allocation with GFP_KERNEL which results in a WARN splat: iter.err WARNING: net/netfilter/nf_tables_api.c:845 at nft_map_deactivate+0x34e/0x3c0 net/netfilter/nf_tables_api.c:845, CPU#0: syz.0.17/5992 Modules linked in: CPU: 0 UID: 0 PID: 5992 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Co…

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.10.0 — 6.18.17+1

▶Debianlinux/linux_kernel< 6.19.8-1

▶CVEListV5linux/linux3f1d886cc7c3525d4dbeee24bfa9bb3fe0d48ddc — 9154945a6394029822bd08c24cef5a3f86d0424a+3

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-g792-jhj8-228v: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clone set on flush only Syzbot with fault injection trigge↗2026-03-25

▶

OSV

CVE-2026-23385: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clone set on flush only Syzbot with fault injection triggere↗2026-03-25

▶

OSV

netfilter: nf_tables: clone set on flush only↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: netfilter: nf_tables: clone set on flush only↗2026-03-25

▶

Debian

CVE-2026-23385: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23385 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶