Vulnerability Lookup

🛡️ CVE-2026-23399

🟡 CVSS 5.5 — Medium ✅ No Known Exploit NVD

5.5

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFP_ATOMIC fails, then the first stateful expression remains in place without being released. unreferenced object (percpu) 0x607b97e9cab8 (size 16): comm "softirq", pid 0, jiffies 4294931867 hex dump (first 16 bytes on cpu 3): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 backtrace (crc 0): pcpu_alloc_noprof+0x453/0xd80 nft_counter_clone+0x9c/0x190 [nf_tables] nft_expr_clone+0x8f/0x1b0 [nf_tables] nft_dynset_new+0x2cb/0x5f0 [nf_tables] nft_rhash_update+0x236/0x11c0 [nf_tables] nft_dynset_eval+0x11f/0x670 [nf_tables] nft_do_chain+0x253/0x1700 [nf_tables] nft_do_chain_ipv4+0x18d/0x270 [nf_tables] nf_hook_slow+0xaa/0x1e0 ip_local_deliver+0x209/0x330

Details

Severity Medium

CVSS Score 5.5

CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE N/A

Public Exploit ✅ No

Source NVD

Published 2026-03-28

Updated 2026-06-05

Modified 2026-06-04

Fix URL https://git.kernel.org/stable/c/0548a13b5a145b16e4da0628b5936baf35f51b43

Affected Packages

Software	From version	Fixed in
kernel	6.19.0	6.19.10
linux-kernel	—	—

References

PACKAGE https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

WEB https://git.kernel.org/stable/c/0548a13b5a145b16e4da0628b5936baf35f51b43

WEB https://git.kernel.org/stable/c/31641c682db73353e4647e40735c7f2a75ff58ef

WEB https://git.kernel.org/stable/c/c88a9fd26cee365bec932196f76175772a941cca

WEB https://git.kernel.org/stable/c/d1354873cbe3b344899c4311ac05897fd83e3f21

ADVISORY https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23399.json

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-23399

🔗 NVD 🔗 Mitre ✅ Fix / Advisory

Similar Threats

Unknown ALSA-2023:2458
Unknown ALSA-2023:1703
Unknown ALSA-2023:1566
Unknown ALSA-2023:1470
Unknown ALSA-2023:0951

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Running software with known vulnerabilities?

Company

Resources

Services

Trusted

Subscribe