CVE-2026-23278
- Source
- https://cve.org/CVERecord?id=CVE-2026-23278
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23278.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-23278
- Downstream
- Published
- 2026-03-20T08:08:58.566Z
- Modified
- 2026-04-02T13:12:19.958840Z
- Summary
- netfilter: nf_tables: always walk all pending catchall elements
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: always walk all pending catchall elements
During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part of the new batch.
If the map holding the catchall elements is also going away, its required to toggle all catchall elements and not just the first viable candidate.
Otherwise, we get: WARNING: ./include/net/netfilter/nftables.h:1281 at nftdatarelease+0xb7/0xe0 [nftables], CPU#2: nft/1404 RIP: 0010:nftdatarelease+0xb7/0xe0 [nf_tables] [..] _nftsetelemdestroy+0x106/0x380 [nftables] nftablesabortrelease+0x348/0x8d0 [nftables] nftablesabort+0xcf2/0x3ac0 [nftables] nfnetlinkrcvbatch+0x9c9/0x20e0 [..]
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23278.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/77c26b5056d693ffe5e9f040e946251cdb55ae55
- https://git.kernel.org/stable/c/7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9
- https://git.kernel.org/stable/c/de47a88c6b807910f05703fb6605f7efdaa11417
- https://git.kernel.org/stable/c/eb0948fa13298212c5f8b30ee48efdae4389ab09
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23278.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23278
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced628bd3e49cba1c066228e23d71a852c23e26da73Fixedeb0948fa13298212c5f8b30ee48efdae4389ab09Fixedde47a88c6b807910f05703fb6605f7efdaa11417Fixed77c26b5056d693ffe5e9f040e946251cdb55ae55Fixed7cb9a23d7ae40a702577d3d8bacb7026f04ac2a9
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedbc9f791d2593f17e39f87c6e2b3a36549a3705b1Last affected3c7ec098e3b588434a8b07ea9b5b36f04cef1f50Last affecteda136b7942ad2a50de708f76ea299ccb45ac7a7f9Last affected25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8Last affectedd60be2da67d172aecf866302c91ea11533eca4d9Last affecteddc7cdf8cbcbf8b13de1df93f356ec04cdeef5c41