CVE-2026-23399Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime8 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 28

Description

In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFP_ATOMIC fails, then the first stateful expression remains in place without being released. unreferenced object (percpu) 0x607b97e9cab8 (size 16): comm "softirq", pid 0, jiffies 4294931867 hex dump (first 16 bytes on cpu 3): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 backtrace (crc

Affected Packages5 packages

Linuxlinux/linux_kernel5.11.06.12.78+2
Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linux563125a73ac30d7036ae69ca35c40500562c1de4d1354873cbe3b344899c4311ac05897fd83e3f21+4
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

3
OSV
nf_tables: nft_dynset: fix possible stateful expression memleak in error path2026-03-28
OSV
CVE-2026-23399: In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If c2026-03-28
GHSA
GHSA-vfh6-r892-92wv: In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If2026-03-28

📋Vendor Advisories

3
Red Hat
kernel: nf_tables: nft_dynset: fix possible stateful expression memleak in error path2026-03-28
Microsoft
nf_tables: nft_dynset: fix possible stateful expression memleak in error path2026-03-10
Debian
CVE-2026-23399: linux - In the Linux kernel, the following vulnerability has been resolved: nf_tables: ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23399 Impact, Exploitability, and Mitigation Steps | Wiz