CVE-2026-23392

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/03/2026
Last modified:
25/03/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: release flowtable after rcu grace period on error

Call synchronize_rcu() after unregistering the hooks from the error path, since a hook that already refers to this flowtable can be already registered, exposing this flowtable to the packet path and the nfnetlink_hook control plane.

This error path is rare; it should only happen by reaching the maximum number of hooks or by failing to set up hardware offload, so just call synchronize_rcu().

There is a check for device hooks already used by a different flowtable that could result in EEXIST at this late stage. The hook parser can be updated to perform this check earlier, so that this error path really becomes rarely exercised.

Uncovered by KASAN, reported as a use-after-free from the nfnetlink_hook path when dumping hooks.
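The ordering problem the commit message describes, as an added example that is not part of this CVE record or of the kernel source: a flowtable whose first hook is already registered hits the error path while a hook dump is walking the hook list under RCU. The RCU primitives below are a user-space stand-in (a reader counter plus a grace-period wait, stricter than the kernel's implementation but giving the same guarantee), and the flowtable, hook and scenario names are hypothetical. A poisoned magic value stands in for kfree() so the result can be observed instead of crashing; the reader's resume flag makes the preemption that the kernel's scheduler would produce deterministic.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-in for the kernel RCU API (assumption: teaching model only). */
static pthread_mutex_t rcu_mu = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t  rcu_cv = PTHREAD_COND_INITIALIZER;
static int rcu_readers;                      /* readers inside a critical section */

static void rcu_read_lock(void)
{
    pthread_mutex_lock(&rcu_mu);
    rcu_readers++;
    pthread_mutex_unlock(&rcu_mu);
}

static void rcu_read_unlock(void)
{
    pthread_mutex_lock(&rcu_mu);
    if (--rcu_readers == 0)
        pthread_cond_broadcast(&rcu_cv);
    pthread_mutex_unlock(&rcu_mu);
}

/* Grace period: block until every reader that was active has left. */
static void synchronize_rcu(void)
{
    pthread_mutex_lock(&rcu_mu);
    while (rcu_readers > 0)
        pthread_cond_wait(&rcu_cv, &rcu_mu);
    pthread_mutex_unlock(&rcu_mu);
}

/* Toy flowtable and hook objects (hypothetical names, not nf_tables'). */
#define FT_MAGIC  0x6e667461u                /* live object */
#define FT_POISON 0xdeadbeefu                /* stands in for kfree(): memory is gone */

struct flowtable { uint32_t magic; };
struct hook      { struct flowtable *flowtable; };

static struct hook *registered_hook;         /* walked by the packet path and the hook dump */

struct scenario {
    pthread_mutex_t mu;
    pthread_cond_t  cv;
    int             reader_holds_ptr;        /* reader has dereferenced the hook */
    int             reader_may_resume;       /* writer lets the "preempted" reader run on */
    uint32_t        observed;                /* what the reader found in the flowtable */
};

/* nfnetlink_hook-style dump: grabs the flowtable pointer under RCU, gets
 * preempted holding it, and touches the flowtable once it resumes. */
static void *dump_hooks(void *arg)
{
    struct scenario *s = arg;

    rcu_read_lock();
    struct flowtable *ft = registered_hook->flowtable;   /* rcu_dereference() */

    pthread_mutex_lock(&s->mu);
    s->reader_holds_ptr = 1;
    pthread_cond_broadcast(&s->cv);
    while (!s->reader_may_resume)
        pthread_cond_wait(&s->cv, &s->mu);
    pthread_mutex_unlock(&s->mu);

    s->observed = ft->magic;                 /* the access KASAN reported as a UAF */
    rcu_read_unlock();
    return NULL;
}

static void resume_reader(struct scenario *s)
{
    pthread_mutex_lock(&s->mu);
    s->reader_may_resume = 1;
    pthread_cond_broadcast(&s->cv);
    pthread_mutex_unlock(&s->mu);
}

/* Flowtable creation hitting its error path while a hook dump is in flight.
 * sync_before_free = 0 models the original code, 1 models the fix.
 * Returns the magic value the reader observed. */
static uint32_t run_error_path(int sync_before_free)
{
    struct scenario s = { 0 };
    pthread_mutex_init(&s.mu, NULL);
    pthread_cond_init(&s.cv, NULL);

    struct flowtable *ft = calloc(1, sizeof *ft);
    ft->magic = FT_MAGIC;
    struct hook hk = { .flowtable = ft };
    registered_hook = &hk;                   /* first hook registered successfully */

    pthread_t t;
    pthread_create(&t, NULL, dump_hooks, &s);

    pthread_mutex_lock(&s.mu);               /* wait until the reader is inside RCU */
    while (!s.reader_holds_ptr)
        pthread_cond_wait(&s.cv, &s.mu);
    pthread_mutex_unlock(&s.mu);

    registered_hook = NULL;                  /* error path: unregister the hooks */

    if (sync_before_free) {
        resume_reader(&s);
        synchronize_rcu();                   /* the fix: wait out existing readers */
        ft->magic = FT_POISON;               /* only now is it safe to free */
    } else {
        ft->magic = FT_POISON;               /* original: freed right away ... */
        resume_reader(&s);                   /* ... while the reader still holds it */
    }

    pthread_join(t, NULL);
    free(ft);
    return s.observed;
}

int main(void)
{
    printf("without synchronize_rcu: reader saw 0x%08x\n", run_error_path(0));
    printf("with    synchronize_rcu: reader saw 0x%08x\n", run_error_path(1));
    return 0;
}
```

The point to take from it: unregistering the hook only stops new readers from finding the flowtable; a reader that already holds the pointer is untouched, and the only thing that guarantees it has finished is a grace period between the unregister and the free.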

Impact