Main Vulnerability Database SB2026032901

SB2026032901 - Memory leak in Linux kernel netfilter

Published: March 29, 2026

Security Bulletin ID SB2026032901

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2026-23399)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper memory management in the nf_tables subsystem when handling stateful expressions in dynamic sets. A local user can trigger a memory leak by causing a failure during the cloning of stateful expressions, leading to unbounded memory consumption over time.

The issue occurs in the nft_dynset component when GFP_ATOMIC allocation fails, leaving the first stateful expression unreleased.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/0548a13b5a145b16e4da0628b5936baf35f51b43
https://git.kernel.org/stable/c/31641c682db73353e4647e40735c7f2a75ff58ef
https://git.kernel.org/stable/c/c88a9fd26cee365bec932196f76175772a941cca
https://git.kernel.org/stable/c/d1354873cbe3b344899c4311ac05897fd83e3f21