CVE-2026-23399
- Source
- https://cve.org/CVERecord?id=CVE-2026-23399
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23399.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-23399
- Downstream
- Published
- 2026-03-28T07:16:09.888Z
- Modified
- 2026-05-15T11:54:35.058520609Z
- Summary
- nf_tables: nft_dynset: fix possible stateful expression memleak in error path
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
nftables: nftdynset: fix possible stateful expression memleak in error path
If cloning the second stateful expression in the element via GFP_ATOMIC fails, then the first stateful expression remains in place without being released.
unreferenced object (percpu) 0x607b97e9cab8 (size 16): comm "softirq", pid 0, jiffies 4294931867 hex dump (first 16 bytes on cpu 3): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 backtrace (crc 0): pcpuallocnoprof+0x453/0xd80 nftcounterclone+0x9c/0x190 [nftables] nftexprclone+0x8f/0x1b0 [nftables] nftdynsetnew+0x2cb/0x5f0 [nftables] nftrhashupdate+0x236/0x11c0 [nftables] nftdynseteval+0x11f/0x670 [nftables] nftdochain+0x253/0x1700 [nftables] nftdochainipv4+0x18d/0x270 [nftables] nfhookslow+0xaa/0x1e0 iplocaldeliver+0x209/0x330
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23399.json" }- References
-
- https://git.kernel.org/stable/c/0548a13b5a145b16e4da0628b5936baf35f51b43
- https://git.kernel.org/stable/c/31641c682db73353e4647e40735c7f2a75ff58ef
- https://git.kernel.org/stable/c/c88a9fd26cee365bec932196f76175772a941cca
- https://git.kernel.org/stable/c/d1354873cbe3b344899c4311ac05897fd83e3f21
- https://git.kernel.org/stable/c/e6661add2d9c6913e1dad97336595e23a2bed195
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23399.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23399
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git