CVE-2026-23278

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/03/2026
Last modified:
02/04/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: always walk all pending catchall elements

During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part of the new batch.

If the map holding the catchall elements is also going away, it's required to toggle all catchall elements and not just the first viable candidate.

Otherwise, we get:

WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404
RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]
[..]
__nft_set_elem_destroy+0x106/0x380 [nf_tables]
nf_tables_abort_release+0x348/0x8d0 [nf_tables]
nf_tables_abort+0xcf2/0x3ac0 [nf_tables]
nfnetlink_rcv_batch+0x9c9/0x20e0
[..]