PT-2026-27750 · Linux · Linux Kernel

Published 2026-01-01 · Updated 2026-03-26 · CVE-2026-23385

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the netfilter subsystem, specifically in the nf_tables component, related to set cloning during flush operations. Syzbot, using fault injection, identified a memory allocation failure with GFP_KERNEL that led to a kernel warning. The issue arises from improper handling of set cloning during the flush process. The resolution restricts set cloning to the flush set command during the preparation phase, introduces the NFT_ITER_UPDATE_CLONE iteration type, and updates the rbtree and pipapo backends to clone sets only when this iteration type is used. This prevents unnecessary cloning of sets that are being deleted, including bound anonymous sets.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-23385

Affected Products

Linux Kernel