Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-23278
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-20 Mar, 2026 | 08:08
Updated At-11 May, 2026 | 22:03
Rejected At-
▼CVE Numbering Authority (CNA)
netfilter: nf_tables: always walk all pending catchall elements

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part of the new batch. If the map holding the catchall elements is also going away, its required to toggle all catchall elements and not just the first viable candidate. Otherwise, we get: WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404 RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables] [..] __nft_set_elem_destroy+0x106/0x380 [nf_tables] nf_tables_abort_release+0x348/0x8d0 [nf_tables] nf_tables_abort+0xcf2/0x3ac0 [nf_tables] nfnetlink_rcv_batch+0x9c9/0x20e0 [..]

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/netfilter/nf_tables_api.c
Default Status
unaffected
Versions
Affected
  • From 628bd3e49cba1c066228e23d71a852c23e26da73 before eb0948fa13298212c5f8b30ee48efdae4389ab09 (git)
  • From 628bd3e49cba1c066228e23d71a852c23e26da73 before de47a88c6b807910f05703fb6605f7efdaa11417 (git)
  • From 628bd3e49cba1c066228e23d71a852c23e26da73 before 77c26b5056d693ffe5e9f040e946251cdb55ae55 (git)
  • From 628bd3e49cba1c066228e23d71a852c23e26da73 before 7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9 (git)
  • bc9f791d2593f17e39f87c6e2b3a36549a3705b1 (git)
  • 3c7ec098e3b588434a8b07ea9b5b36f04cef1f50 (git)
  • a136b7942ad2a50de708f76ea299ccb45ac7a7f9 (git)
  • 25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8 (git)
  • d60be2da67d172aecf866302c91ea11533eca4d9 (git)
  • dc7cdf8cbcbf8b13de1df93f356ec04cdeef5c41 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/netfilter/nf_tables_api.c
Default Status
affected
Versions
Affected
  • 6.4
Unaffected
  • From 0 before 6.4 (semver)
  • From 6.12.78 through 6.12.* (semver)
  • From 6.18.19 through 6.18.* (semver)
  • From 6.19.9 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/eb0948fa13298212c5f8b30ee48efdae4389ab09
N/A
https://git.kernel.org/stable/c/de47a88c6b807910f05703fb6605f7efdaa11417
N/A
https://git.kernel.org/stable/c/77c26b5056d693ffe5e9f040e946251cdb55ae55
N/A
https://git.kernel.org/stable/c/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9
N/A
Hyperlink: https://git.kernel.org/stable/c/eb0948fa13298212c5f8b30ee48efdae4389ab09
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/de47a88c6b807910f05703fb6605f7efdaa11417
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/77c26b5056d693ffe5e9f040e946251cdb55ae55
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9
Resource: N/A
Details not found