CVE-2026-23412 in Kernelinfo

Zusammenfassung (Englisch)

In the Linux kernel, the following vulnerability has been resolved:

netfilter: bpf: defer hook memory release until rcu readers are done

Yiming Qian reports UaF when concurrent process is dumping hooks via
nfnetlink_hooks:

BUG: KASAN: slab-use-after-free in nfnl_hook_dump_one.isra.0+0xe71/0x10f0
Read of size 8 at addr ffff888003edbf88 by task poc/79
Call Trace:

nfnl_hook_dump_one.isra.0+0xe71/0x10f0
netlink_dump+0x554/0x12b0
nfnl_hook_get+0x176/0x230
[..]

Defer release until after concurrent readers have completed.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Zuständig

Linux

Reservieren

13.01.2026

Veröffentlichung

02.04.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
354858Linux Kernel netfilter nfnetlink_hooks Pufferüberlauf416Nicht definiertOffizieller FixCVE-2026-23412

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!