SB2026032562 - Improper Check or Handling of Exceptional Conditions in Linux kernel netfilter

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2026-23385)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper error handling in the netfilter nf_tables component when processing set operations during a flush command. A local user can trigger a failing memory allocation that results in a kernel warning and system instability, leading to a denial of service.

The issue arises during the deactivation of a set in the preparation phase of a flush operation, where a set is cloned unnecessarily, potentially causing memory allocation failure under fault injection conditions.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/9154945a6394029822bd08c24cef5a3f86d0424a
• https://git.kernel.org/stable/c/b7f67282ca2be14b727dd698b50e10cf5d8c66f9
• https://git.kernel.org/stable/c/fb7fb4016300ac622c964069e286dc83166a5d52