CVE-2026-23392 — Expired Pointer Dereference in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release flowtable after rcu grace period on error
Call synchronize_rcu() after unregistering the hooks from error path,
since a hook that already refers to this flowtable can be already
registered, exposing this flowtable to packet path and nfnetlink_hook
control plane.
This error path is rare, it should only happen by reaching the maximum
number hooks or by failing to set up to hardware offload, just ca…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages5 packages
▶CVEListV5linux/linux3b49e2e94e6ebb8b23d0955d9e898254455734f8 — d2632de96ccb066e0131ad1494241b9c281c60b8+6
🔴Vulnerability Details
3GHSA▶
GHSA-f5vj-m443-mgw6: In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: release flowtable after rcu grace period on error
Call syn↗2026-03-25
OSV▶
CVE-2026-23392: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synch↗2026-03-25
📋Vendor Advisories
3Debian▶
CVE-2026-23392: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ...↗2026