SB2026032079 - Resource exhaustion in Linux kernel netfilter

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource exhaustion (CVE-ID: CVE-2026-23278)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper memory management in the netfilter nf_tables component when processing transaction batches containing multiple catchall elements. A local user can provide a specially crafted batch request to cause a denial of service.

Exploitation requires the ability to inject or modify netfilter rules via the nf_tables interface, which is typically restricted to privileged users. The issue occurs during transaction abort processing, leading to a use-after-free condition that triggers a kernel warning and system instability.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/77c26b5056d693ffe5e9f040e946251cdb55ae55
• https://git.kernel.org/stable/c/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9
• https://git.kernel.org/stable/c/de47a88c6b807910f05703fb6605f7efdaa11417