7.8

CVE-2026-23278

netfilter: nf_tables: always walk all pending catchall elements

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: always walk all pending catchall elements

During transaction processing we might have more than one catchall element:
1 live catchall element and 1 pending element that is coming as part of the
new batch.

If the map holding the catchall elements is also going away, its
required to toggle all catchall elements and not just the first viable
candidate.

Otherwise, we get:
 WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404
 RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]
 [..]
 __nft_set_elem_destroy+0x106/0x380 [nf_tables]
 nf_tables_abort_release+0x348/0x8d0 [nf_tables]
 nf_tables_abort+0xcf2/0x3ac0 [nf_tables]
 nfnetlink_rcv_batch+0x9c9/0x20e0 [..]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19.316 < 4.20
LinuxLinux Kernel Version >= 5.4.262 < 5.5
LinuxLinux Kernel Version >= 5.10.188 < 5.11
LinuxLinux Kernel Version >= 5.15.121 < 5.16
LinuxLinux Kernel Version >= 6.1.36 < 6.2
LinuxLinux Kernel Version >= 6.3.10 < 6.4
LinuxLinux Kernel Version >= 6.4.1 < 6.12.78
LinuxLinux Kernel Version >= 6.13 < 6.18.19
LinuxLinux Kernel Version >= 6.19 < 6.19.9
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.06
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/de47a88c6b807910f05703fb6605f7efdaa11417
Patch
https://git.kernel.org/stable/c/77c26b5056d693ffe5e9f040e946251cdb55ae55
Patch
https://git.kernel.org/stable/c/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9
Patch
https://git.kernel.org/stable/c/eb0948fa13298212c5f8b30ee48efdae4389ab09
Patch
https://git.kernel.org/stable/c/4830fb44d12f586f3f544609e086933649a9175a
https://git.kernel.org/stable/c/c4d4e86fda707d89eaba80e343321737375f8582