CVE-2026-23458

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.0-rc2+

Description The Linux kernel contains a use-after-free flaw within the ctnetlink dump exp ct() function, specifically related to conntrack pointer management during netlink dumps. The issue arises when the dump spans multiple rounds, leading to a dereference of a freed conntrack object via nfct help(ct), resulting in a use-after-free on ct->ext. The root cause is the absence of proper .start and .done callbacks in netlink dump control to manage the conntrack reference across dump rounds. This flaw can be triggered by a crafted netlink message, potentially leading to system instability or denial of service.

Recommendations Update to Linux kernel version 7.0.0-rc2+ or later to address this vulnerability.