Use-after-free in Linux kernel - CVE-2026-46319

 


Published: June 10, 2026


Vulnerability identifier: #VU134179
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46319
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to a use-after-free race condition in tcf_ct_flow_table_get() in net/sched/act_ct.c when looking up a flow table and incrementing its reference count. A local user can trigger the race during act_ct initialization to escalate privileges.

The race window is very short and occurs after the flow table object is returned from the hash table lookup but before its reference count is successfully incremented.
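The window described above, replayed deterministically in a single-threaded userspace C model. This is an added example, not code from the kernel or from the fix for this CVE. The `flow_table` struct and the `ft_*` helpers are hypothetical names, and the checked get mirrors the increment-unless-zero idiom that the kernel's `refcount_inc_not_zero()` provides.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a refcounted object kept in a lookup table. */
struct flow_table { atomic_uint ref; };

/* Unsafe get: a count that already reached zero is silently revived. */
static void ft_get_unchecked(struct flow_table *ft)
{
    atomic_fetch_add(&ft->ref, 1);
}

/* Safe get: take a reference only while the count is still nonzero. */
static bool ft_get_not_zero(struct flow_table *ft)
{
    unsigned int old = atomic_load(&ft->ref);
    do {
        if (old == 0)
            return false;   /* object is dying: treat as a lookup miss */
    } while (!atomic_compare_exchange_weak(&ft->ref, &old, old + 1));
    return true;
}

/* Drop a reference; true means the caller released the last one. */
static bool ft_put(struct flow_table *ft)
{
    return atomic_fetch_sub(&ft->ref, 1) == 1;
}

/* Replays lookup -> last put -> get; true if the lookup side holds a dying object. */
static bool lookup_holds_dying_object(bool use_checked_get)
{
    struct flow_table ft;
    atomic_init(&ft.ref, 1);            /* one existing owner */
    struct flow_table *found = &ft;     /* 1: table lookup returns the object */
    bool dying = ft_put(&ft);           /* 2: owner drops the last reference */
    if (use_checked_get)                /* 3: lookup side takes its reference */
        return dying && ft_get_not_zero(found);
    ft_get_unchecked(found);            /* blind increment always "succeeds" */
    return dying;
}

int main(void)
{
    printf("unchecked: %d, checked: %d\n", lookup_holds_dying_object(false), lookup_holds_dying_object(true));
    return 0;
}
```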


How to mitigate CVE-2026-46319

Install the security update from the vendor's repository.
