PT-2026-27716 · Netfilter+3 · Netfilter+3

Published

2026-01-01

·

Updated

2026-06-16

·

CVE-2026-23351

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a use-after-free issue within the pipapo set type in the netfilter module. A large number of expired elements can cause the garbage collection process to run for an extended period in a non-preemptible context, potentially leading to soft lockup warnings and RCU stall reports, resulting in a local denial of service. The issue arises because expired elements remain accessible to both the packet path and userspace dumpers via a live copy of the data structure. The garbage collection process has been split into unlink and reclaim phases to address this.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2026-23351
ECHO-34C4-E9D4-ACDD
OESA-2026-1862
OESA-2026-1863
OESA-2026-1864
OPENSUSE-SU-2026:20826-1
SUSE-SU-2026:2111-1
SUSE-SU-2026:21841-1
SUSE-SU-2026:21845-1
SUSE-SU-2026:21860-1
SUSE-SU-2026:21876-1
SUSE-SU-2026:21877-1
SUSE-SU-2026:21916-1
SUSE-SU-2026:21919-1
SUSE-SU-2026:2195-1
SUSE-SU-2026:2202-1
SUSE-SU-2026:2215-1
SUSE-SU-2026:2216-1
SUSE-SU-2026:2217-1
SUSE-SU-2026:2238-1
USN-8277-1
USN-8277-2
USN-8278-1
USN-8278-2
USN-8279-1
USN-8279-2
USN-8279-3
USN-8289-1
USN-8289-2
USN-8291-1
USN-8291-2
USN-8291-3
USN-8296-1
USN-8296-2
USN-8310-1
USN-8374-1
USN-8393-1
USN-8426-1
USN-8426-2
USN-8439-1
USN-8440-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu
Netfilter