CVE-2026-23391 (GCVE-0-2026-23391)
Vulnerability from cvelistv5
Published
2026-03-25 10:33
Modified
2026-04-18 08:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_CT: drop pending enqueued packets on template removal
Templates refer to objects that can go away while packets are sitting in
nfqueue refer to:
- helper, this can be an issue on module removal.
- timeout policy, nfnetlink_cttimeout might remove it.
The use of templates with zone and event cache filter are safe, since
this just copies values.
Flush these enqueued packets in case the template rule gets removed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Version: 24de58f465165298aaa8f286b2592f0163706cfe Version: 24de58f465165298aaa8f286b2592f0163706cfe Version: 24de58f465165298aaa8f286b2592f0163706cfe Version: 24de58f465165298aaa8f286b2592f0163706cfe Version: 24de58f465165298aaa8f286b2592f0163706cfe Version: 24de58f465165298aaa8f286b2592f0163706cfe Version: 24de58f465165298aaa8f286b2592f0163706cfe Version: 24de58f465165298aaa8f286b2592f0163706cfe |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/xt_CT.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "55445134d42b84cb0a272e42c98d233ca65eca83",
"status": "affected",
"version": "24de58f465165298aaa8f286b2592f0163706cfe",
"versionType": "git"
},
{
"lessThan": "cc57506dd66555899560b9c0f24e813f034e12ec",
"status": "affected",
"version": "24de58f465165298aaa8f286b2592f0163706cfe",
"versionType": "git"
},
{
"lessThan": "d2d0bae0c9a2a17b6990a2966f5cdce0813d6256",
"status": "affected",
"version": "24de58f465165298aaa8f286b2592f0163706cfe",
"versionType": "git"
},
{
"lessThan": "63b8097cea1923fe82cd598068d0796da8c015ec",
"status": "affected",
"version": "24de58f465165298aaa8f286b2592f0163706cfe",
"versionType": "git"
},
{
"lessThan": "19a230dec6bb8928e3f96387f9085cf2c79bcef9",
"status": "affected",
"version": "24de58f465165298aaa8f286b2592f0163706cfe",
"versionType": "git"
},
{
"lessThan": "cb549925875fa06dd155e49db4ac2c5044c30f9c",
"status": "affected",
"version": "24de58f465165298aaa8f286b2592f0163706cfe",
"versionType": "git"
},
{
"lessThan": "777d02efe3d630cca4c1b63962cec17c57711325",
"status": "affected",
"version": "24de58f465165298aaa8f286b2592f0163706cfe",
"versionType": "git"
},
{
"lessThan": "f62a218a946b19bb59abdd5361da85fa4606b96b",
"status": "affected",
"version": "24de58f465165298aaa8f286b2592f0163706cfe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/xt_CT.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.4"
},
{
"lessThan": "3.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.167",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.78",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.20",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.10",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_CT: drop pending enqueued packets on template removal\n\nTemplates refer to objects that can go away while packets are sitting in\nnfqueue refer to:\n\n- helper, this can be an issue on module removal.\n- timeout policy, nfnetlink_cttimeout might remove it.\n\nThe use of templates with zone and event cache filter are safe, since\nthis just copies values.\n\nFlush these enqueued packets in case the template rule gets removed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-18T08:58:26.823Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/55445134d42b84cb0a272e42c98d233ca65eca83"
},
{
"url": "https://git.kernel.org/stable/c/cc57506dd66555899560b9c0f24e813f034e12ec"
},
{
"url": "https://git.kernel.org/stable/c/d2d0bae0c9a2a17b6990a2966f5cdce0813d6256"
},
{
"url": "https://git.kernel.org/stable/c/63b8097cea1923fe82cd598068d0796da8c015ec"
},
{
"url": "https://git.kernel.org/stable/c/19a230dec6bb8928e3f96387f9085cf2c79bcef9"
},
{
"url": "https://git.kernel.org/stable/c/cb549925875fa06dd155e49db4ac2c5044c30f9c"
},
{
"url": "https://git.kernel.org/stable/c/777d02efe3d630cca4c1b63962cec17c57711325"
},
{
"url": "https://git.kernel.org/stable/c/f62a218a946b19bb59abdd5361da85fa4606b96b"
}
],
"title": "netfilter: xt_CT: drop pending enqueued packets on template removal",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23391",
"datePublished": "2026-03-25T10:33:15.677Z",
"dateReserved": "2026-01-13T15:37:46.009Z",
"dateUpdated": "2026-04-18T08:58:26.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…