nf_tables: nft_dynset: fix possible stateful expression memleak in error path

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2026-23399
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-03-28 08:15:56 UTC
Updated2026-03-30 13:26:07 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the element via GFP_ATOMIC fails, then the first stateful expression remains in place without being released.   unreferenced object (percpu) 0x607b97e9cab8 (size 16):     comm "softirq", pid 0, jiffies 4294931867     hex dump (first 16 bytes on cpu 3):       00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     backtrace (crc 0):       pcpu_alloc_noprof+0x453/0xd80       nft_counter_clone+0x9c/0x190 [nf_tables]       nft_expr_clone+0x8f/0x1b0 [nf_tables]       nft_dynset_new+0x2cb/0x5f0 [nf_tables]       nft_rhash_update+0x236/0x11c0 [nf_tables]       nft_dynset_eval+0x11f/0x670 [nf_tables]       nft_do_chain+0x253/0x1700 [nf_tables]       nft_do_chain_ipv4+0x18d/0x270 [nf_tables]       nf_hook_slow+0xaa/0x1e0       ip_local_deliver+0x209/0x330

Risk And Classification

EPSS: 0.000180000 probability, percentile 0.043500000 (date 2026-04-01)

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 563125a73ac30d7036ae69ca35c40500562c1de4 d1354873cbe3b344899c4311ac05897fd83e3f21 git Not specified
CNA Linux Linux affected 563125a73ac30d7036ae69ca35c40500562c1de4 31641c682db73353e4647e40735c7f2a75ff58ef git Not specified
CNA Linux Linux affected 563125a73ac30d7036ae69ca35c40500562c1de4 c88a9fd26cee365bec932196f76175772a941cca git Not specified
CNA Linux Linux affected 563125a73ac30d7036ae69ca35c40500562c1de4 0548a13b5a145b16e4da0628b5936baf35f51b43 git Not specified
CNA Linux Linux affected 5.11 Not specified
CNA Linux Linux unaffected 5.11 semver Not specified
CNA Linux Linux unaffected 6.12.78 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.20 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.10 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0-rc5 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/0548a13b5a145b16e4da0628b5936baf35f51b43 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/d1354873cbe3b344899c4311ac05897fd83e3f21 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/c88a9fd26cee365bec932196f76175772a941cca 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/31641c682db73353e4647e40735c7f2a75ff58ef 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report