CVE-2026-23392

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue where a flowtable is not properly released after an error, potentially leading to a use-after-free condition. This can occur when unregistering hooks from an error path, specifically when a hook already refers to the flowtable and is exposed to the packet path or the nfnetlink hook control plane. The error path is rare, typically occurring when reaching the maximum number of hooks or failing to set up hardware offload. The issue was uncovered by KASAN reporting a use-after-free from the nfnetlink hook path during hook dumping.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2026-23392

ECHO-E1E4-0FDC-01B3

OESA-2026-1862

OESA-2026-1863

OESA-2026-1864

OPENSUSE-SU-2026:20826-1

SUSE-SU-2026:21841-1

SUSE-SU-2026:21845-1

SUSE-SU-2026:21860-1

Affected Products

Linux Kernel

Rocky Linux

CVE-2026-23392

Weakness Enumeration

Related Identifiers

Affected Products

References · 77