Description

In the Linux kernel, the following vulnerability has been resolved:

nf_tables: nft_dynset: fix possible stateful expression memleak in error path

If cloning the second stateful expression in the element via GFP_ATOMIC fails, then the first stateful expression remains in place without being released.

    unreferenced object (percpu) 0x607b97e9cab8 (size 16):
      comm "softirq", pid 0, jiffies 4294931867
      hex dump (first 16 bytes on cpu 3):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      backtrace (crc 0):
        pcpu_alloc_noprof+0x453/0xd80
        nft_counter_clone+0x9c/0x190 [nf_tables]
        nft_expr_clone+0x8f/0x1b0 [nf_tables]
        nft_dynset_new+0x2cb/0x5f0 [nf_tables]
        nft_rhash_update+0x236/0x11c0 [nf_tables]
        nft_dynset_eval+0x11f/0x670 [nf_tables]
        nft_do_chain+0x253/0x1700 [nf_tables]
        nft_do_chain_ipv4+0x18d/0x270 [nf_tables]
        nf_hook_slow+0xaa/0x1e0
        ip_local_deliver+0x209/0x330
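The error-path pattern behind this leak, as an added user-space example that is not the kernel's code or the upstream patch: two objects are cloned in a loop with an allocator that can fail, and the second failure either abandons or unwinds the first clone. Every name here (`try_alloc`, `clone_exprs`, `leaked_after_failure`) is hypothetical, and the failing allocation is injected by a constructed counter.

```c
#include <stdio.h>
#include <stdlib.h>

#define NUM_EXPRS 2
struct expr { long counter; };

static int live_allocs, alloc_calls, fail_on_call;

/* Stand-in for an atomic allocation that may fail under memory pressure. */
static void *try_alloc(size_t n)
{
    void *p = (++alloc_calls == fail_on_call) ? NULL : calloc(1, n);
    if (p)
        live_allocs++;
    return p;
}

static void release(void *p) { if (p) { free(p); live_allocs--; } }

/* Clone src[] into dst[]. With unwind set, a failure releases the clones
 * already made; without it, they stay allocated and nobody owns them. */
static int clone_exprs(struct expr *dst[], struct expr *const src[], int unwind)
{
    for (int i = 0; i < NUM_EXPRS; i++) {
        dst[i] = try_alloc(sizeof(*dst[i]));
        if (!dst[i]) {
            while (unwind && --i >= 0) { release(dst[i]); dst[i] = NULL; }
            return -1;
        }
        *dst[i] = *src[i];
    }
    return 0;
}

/* Objects left allocated after the fail_at-th allocation fails (0 = no failure). */
int leaked_after_failure(int fail_at, int unwind)
{
    struct expr a = { 1 }, b = { 2 };
    struct expr *src[NUM_EXPRS] = { &a, &b }, *dst[NUM_EXPRS] = { 0 };

    live_allocs = alloc_calls = 0;
    fail_on_call = fail_at;
    int leaked = clone_exprs(dst, src, unwind) ? live_allocs : 0;
    for (int i = 0; i < NUM_EXPRS; i++)
        free(dst[i]);               /* demo-only cleanup of the process */
    return leaked;
}

int main(void)
{
    printf("second clone fails, no unwind: %d leaked\n", leaked_after_failure(2, 0));
    printf("second clone fails, unwind:    %d leaked\n", leaked_after_failure(2, 1));
    return 0;
}
```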

PUBLISHED Reserved 2026-01-13 | Published 2026-03-28 | Updated 2026-06-01 | Assigner Linux

Product status

Default status
unaffected

563125a73ac30d7036ae69ca35c40500562c1de4 (git) before eb7bf413e59945df03d4567b73ce464eebe2f4ea
affected

563125a73ac30d7036ae69ca35c40500562c1de4 (git) before 4357dbb1d9c35ca0b4443d71c98a48e6666f7689
affected

563125a73ac30d7036ae69ca35c40500562c1de4 (git) before e6661add2d9c6913e1dad97336595e23a2bed195
affected

563125a73ac30d7036ae69ca35c40500562c1de4 (git) before d1354873cbe3b344899c4311ac05897fd83e3f21
affected

563125a73ac30d7036ae69ca35c40500562c1de4 (git) before 31641c682db73353e4647e40735c7f2a75ff58ef
affected

563125a73ac30d7036ae69ca35c40500562c1de4 (git) before c88a9fd26cee365bec932196f76175772a941cca
affected

563125a73ac30d7036ae69ca35c40500562c1de4 (git) before 0548a13b5a145b16e4da0628b5936baf35f51b43
affected

Default status
affected

5.11
affected

Any version before 5.11
unaffected

5.15.209 (semver)
unaffected

6.1.175 (semver)
unaffected

6.6.136 (semver)
unaffected

6.12.78 (semver)
unaffected

6.18.20 (semver)
unaffected

6.19.10 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/eb7bf413e59945df03d4567b73ce464eebe2f4ea

git.kernel.org/...c/4357dbb1d9c35ca0b4443d71c98a48e6666f7689

git.kernel.org/...c/e6661add2d9c6913e1dad97336595e23a2bed195

git.kernel.org/...c/d1354873cbe3b344899c4311ac05897fd83e3f21

git.kernel.org/...c/31641c682db73353e4647e40735c7f2a75ff58ef

git.kernel.org/...c/c88a9fd26cee365bec932196f76175772a941cca

git.kernel.org/...c/0548a13b5a145b16e4da0628b5936baf35f51b43

cve.org (CVE-2026-23399)

nvd.nist.gov (CVE-2026-23399)