PT-2026-7991 · Linux+3 · Linux Kernel+3

Published 2026-01-01 · Updated 2026-05-07 · CVE-2026-23111

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel's netfilter module contains a flaw in the nft_map_catchall_activate() function: its element activity check is inverted. As a result, the function skips inactive elements and processes active ones during transaction aborts. Specifically, when a DELSET operation is aborted, nft_setelem_data_activate() is not called for the catchall element, leading to a use-after-free condition for NFT_GOTO verdict elements: the chain can be freed prematurely while catchall verdict elements still reference it. The issue is exploitable for local privilege escalation from an unprivileged user through user namespaces and nftables, and requires the CONFIG_USER_NS and CONFIG_NF_TABLES configuration options to be enabled.
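
The inverted check described above, as a simplified userspace model added here for illustration (it is not kernel code and not taken from the advisory). The struct and function names and the single `use` counter are assumptions standing in for the chain reference that a goto verdict holds.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model; every name here is hypothetical, not kernel code. */
struct chain { int use; };          /* references held by verdict elements */
struct elem {
    struct chain *goto_chain;       /* target of the element's goto verdict */
    bool active;                    /* active in the next generation? */
};

/* Set deletion is prepared: the element goes inactive and drops its reference. */
static void elem_deactivate(struct elem *e)
{
    e->active = false;
    e->goto_chain->use--;
}

/* Reactivation: the element becomes active again and retakes its reference. */
static void elem_data_activate(struct elem *e)
{
    e->active = true;
    e->goto_chain->use++;
}

/* Abort path for the catchall element. With inverted_check set, inactive
 * elements are skipped, although they are the ones that need reactivating. */
static void catchall_activate(struct elem *e, bool inverted_check)
{
    bool skip = inverted_check ? !e->active : e->active;
    if (skip)
        return;
    elem_data_activate(e);
}

/* Returns the chain's use count after a set deletion is prepared, then aborted. */
int chain_use_after_abort(bool inverted_check)
{
    struct chain c = { .use = 1 };  /* the catchall element already holds one reference */
    struct elem catchall = { .goto_chain = &c, .active = true };
    elem_deactivate(&catchall);                   /* use drops to 0 */
    catchall_activate(&catchall, inverted_check); /* transaction aborted */
    return c.use;
}

int main(void)
{
    printf("use after abort: inverted=%d correct=%d\n", chain_use_after_abort(true), chain_use_after_abort(false));
    return 0;
}
```

With the inverted check the count stays at 0 while the element still points at the chain, so the chain looks unreferenced and can be freed; with the corrected check the count returns to 1.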

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2026:6570
CVE-2026-23111
ECHO-F61A-DB70-FEB9
LSN-0119-1
OESA-2026-1760
OPENSUSE-SU-2026:20416-1
RHSA-2026:10108
RHSA-2026:10996
RHSA-2026:6570
RHSA-2026:9112
SUSE-SU-2026:0962-1
SUSE-SU-2026:1041-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:1180-1
SUSE-SU-2026:1185-1
SUSE-SU-2026:1187-1
SUSE-SU-2026:1188-1
SUSE-SU-2026:1189-1
SUSE-SU-2026:1225-1
SUSE-SU-2026:1236-1
SUSE-SU-2026:1239-1
SUSE-SU-2026:1244-1
SUSE-SU-2026:1259-1
SUSE-SU-2026:1261-1
SUSE-SU-2026:1262-1
SUSE-SU-2026:1266-1
SUSE-SU-2026:1271-1
SUSE-SU-2026:1272-1
SUSE-SU-2026:1274-1
SUSE-SU-2026:1278-1
SUSE-SU-2026:1279-1
SUSE-SU-2026:1283-1
SUSE-SU-2026:1284-1
SUSE-SU-2026:20667-1
SUSE-SU-2026:20720-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21004-1
SUSE-SU-2026:21005-1
SUSE-SU-2026:21006-1
SUSE-SU-2026:21007-1
SUSE-SU-2026:21008-1
SUSE-SU-2026:21009-1
SUSE-SU-2026:21020-1
SUSE-SU-2026:21040-1
SUSE-SU-2026:21041-1
SUSE-SU-2026:21042-1
SUSE-SU-2026:21043-1
SUSE-SU-2026:21044-1
SUSE-SU-2026:21045-1
SUSE-SU-2026:21046-1
SUSE-SU-2026:21047-1
SUSE-SU-2026:21048-1
SUSE-SU-2026:21049-1
SUSE-SU-2026:21050-1
SUSE-SU-2026:21051-1
SUSE-SU-2026:21052-1
SUSE-SU-2026:21053-1
SUSE-SU-2026:21054-1
SUSE-SU-2026:21055-1
SUSE-SU-2026:21056-1
SUSE-SU-2026:21057-1
SUSE-SU-2026:21058-1
SUSE-SU-2026:21059-1
SUSE-SU-2026:21060-1
SUSE-SU-2026:21061-1
SUSE-SU-2026:21070-1
SUSE-SU-2026:21071-1
SUSE-SU-2026:21072-1
SUSE-SU-2026:21073-1
SUSE-SU-2026:21074-1
SUSE-SU-2026:21075-1
SUSE-SU-2026:21076-1
SUSE-SU-2026:21077-1
SUSE-SU-2026:21078-1
SUSE-SU-2026:21079-1
SUSE-SU-2026:21080-1
SUSE-SU-2026:21081-1
SUSE-SU-2026:21082-1
SUSE-SU-2026:21083-1
SUSE-SU-2026:21084-1
SUSE-SU-2026:21085-1
SUSE-SU-2026:21086-1
SUSE-SU-2026:21087-1
SUSE-SU-2026:21088-1
SUSE-SU-2026:21089-1
SUSE-SU-2026:21090-1
SUSE-SU-2026:21091-1
SUSE-SU-2026:21096-1
SUSE-SU-2026:21098-1
SUSE-SU-2026:21099-1
SUSE-SU-2026:21100-1
SUSE-SU-2026:21102-1
SUSE-SU-2026:21216-1
SUSE-SU-2026:21217-1
SUSE-SU-2026:21218-1
SUSE-SU-2026:21219-1
SUSE-SU-2026:21220-1
SUSE-SU-2026:21221-1
SUSE-SU-2026:21284-1
USN-8148-1
USN-8148-2
USN-8148-3
USN-8148-4
USN-8148-5
USN-8148-6
USN-8148-7
USN-8149-1
USN-8149-2
USN-8149-3
USN-8152-1
USN-8159-1
USN-8159-2
USN-8159-3
USN-8162-1
USN-8163-1
USN-8163-2
USN-8164-1
USN-8165-1
USN-8188-1
USN-8203-1
USN-8243-1
USN-8261-1

Affected Products

Linuxmint
Linux Kernel
Rocky Linux
Ubuntu