Use After Free in Linux kernel - CVE-2026-23392
Published: March 25, 2026
Vulnerability identifier: #VU124450
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23392
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to execute arbitrary code or escalate privileges.
The vulnerability exists due to a use-after-free in the netfilter nf_tables component when handling flowtable hooks during error conditions. A local user can trigger a use-after-free condition by exploiting the improper release of a flowtable after an RCU grace period, leading to arbitrary code execution or privilege escalation.
Exploitation requires the ability to interact with the nfnetlink subsystem, typically available to local users with access to netfilter configuration interfaces.
How to mitigate CVE-2026-23392
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/7e3955b282eae20d61c75e499c75eade51c20060
- https://git.kernel.org/stable/c/adee3436ccd29f1e514c028899e400cbc6d84065
- https://git.kernel.org/stable/c/c8092edb9a11f20f95ccceeb9422b7dd0df337bd
- https://git.kernel.org/stable/c/d2632de96ccb066e0131ad1494241b9c281c60b8
- https://git.kernel.org/stable/c/d73f4b53aaaea4c95f245e491aa5eeb8a21874ce
- https://git.kernel.org/stable/c/e78a2dcc7cfb87b64a631441ca7681492b347ef6