5.5
CVE-2026-23399
- EPSS 0.12%
- Veröffentlicht 28.03.2026 07:16:09
- Zuletzt bearbeitet 01.06.2026 17:16:45
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
nf_tables: nft_dynset: fix possible stateful expression memleak in error path
In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFP_ATOMIC fails, then the first stateful expression remains in place without being released. unreferenced object (percpu) 0x607b97e9cab8 (size 16): comm "softirq", pid 0, jiffies 4294931867 hex dump (first 16 bytes on cpu 3): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 backtrace (crc 0): pcpu_alloc_noprof+0x453/0xd80 nft_counter_clone+0x9c/0x190 [nf_tables] nft_expr_clone+0x8f/0x1b0 [nf_tables] nft_dynset_new+0x2cb/0x5f0 [nf_tables] nft_rhash_update+0x236/0x11c0 [nf_tables] nft_dynset_eval+0x11f/0x670 [nf_tables] nft_do_chain+0x253/0x1700 [nf_tables] nft_do_chain_ipv4+0x18d/0x270 [nf_tables] nf_hook_slow+0xaa/0x1e0 ip_local_deliver+0x209/0x330
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.11.1 < 6.12.78
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.20
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.10
Linux ≫ Linux Kernel Version5.11 Update-
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
Linux ≫ Linux Kernel Version7.0 Updaterc3
Linux ≫ Linux Kernel Version7.0 Updaterc4
Linux ≫ Linux Kernel Version7.0 Updaterc5
Linux ≫ Linux Kernel Version7.0 Updaterc6
Linux ≫ Linux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.022 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/d1354873cbe3b344899c4311ac05897fd83e3f21
https://git.kernel.org/stable/c/31641c682db73353e4647e40735c7f2a75ff58ef
https://git.kernel.org/stable/c/c88a9fd26cee365bec932196f76175772a941cca
https://git.kernel.org/stable/c/0548a13b5a145b16e4da0628b5936baf35f51b43
https://git.kernel.org/stable/c/e6661add2d9c6913e1dad97336595e23a2bed195
https://git.kernel.org/stable/c/4357dbb1d9c35ca0b4443d71c98a48e6666f7689
https://git.kernel.org/stable/c/eb7bf413e59945df03d4567b73ce464eebe2f4ea