CVE-2026-23278
Use-After-Free Vulnerability in Linux Kernel nf_tables Component

Publication date: 2026-03-20

Last updated on: 2026-04-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: always walk all pending catchall elements

During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part of the new batch. If the map holding the catchall elements is also going away, it's required to toggle all catchall elements and not just the first viable candidate. Otherwise, we get:

WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404
RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]
[..]
__nft_set_elem_destroy+0x106/0x380 [nf_tables]
nf_tables_abort_release+0x348/0x8d0 [nf_tables]
nf_tables_abort+0xcf2/0x3ac0 [nf_tables]
nfnetlink_rcv_batch+0x9c9/0x20e0
[..]
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor        Product     Version / Range
linux_kernel  nf_tables   *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's netfilter nf_tables component. During transaction processing, there can be more than one catchall element: one live catchall element and one pending element from a new batch. If the map holding these catchall elements is removed, the system must toggle all catchall elements, not just the first viable one. Failing to do so can cause warnings and potential errors during element release, as the system does not properly handle all pending catchall elements.

How can this vulnerability impact me?

This vulnerability can lead to warnings and errors in the nf_tables subsystem of the Linux kernel, potentially causing instability or unexpected behavior during network packet filtering operations. If the catchall elements are not properly toggled, it may result in resource management issues or kernel warnings that could affect system reliability.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring system logs for specific warning messages related to nf_tables. The presence of warnings such as "WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables]" indicates the issue.

You can use commands like 'dmesg' or 'journalctl' to search for these warning messages in the kernel logs.

  • dmesg | grep nf_tables
  • journalctl -k | grep nf_tables

What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved in the Linux kernel by ensuring that all pending catchall elements are properly handled during transaction processing.

Immediate mitigation steps include updating your Linux kernel to a version that contains the fix for this vulnerability.

Until the update is applied, monitor system logs for the warning messages to detect potential issues and consider limiting the use of nf_tables features that may trigger this condition.