PT-2026-29719 · Linux · Linux
Published
2026-04-02
·
Updated
2026-04-02
·
CVE-2026-23412
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
netfilter: bpf: defer hook memory release until rcu readers are done
Yiming Qian reports UaF when concurrent process is dumping hooks via
nfnetlink hooks:
BUG: KASAN: slab-use-after-free in nfnl hook dump one.isra.0+0xe71/0x10f0
Read of size 8 at addr ffff888003edbf88 by task poc/79
Call Trace:
nfnl hook dump one.isra.0+0xe71/0x10f0
netlink dump+0x554/0x12b0
nfnl hook get+0x176/0x230
[..]
Defer release until after concurrent readers have completed.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux