PatchSiren cyber security CVE debrief
CVE-2026-23392 Linux CVE debrief
A high-severity vulnerability, CVE-2026-23392, was found in the Linux kernel. This vulnerability is caused by a use-after-free error in the netfilter subsystem, specifically in the nf_tables component. The vulnerability occurs when the flowtable is released after an RCU grace period on error, allowing a hook that already refers to this flowtable to be registered, exposing the flowtable to the packet path and nfnetlink_hook control plane. The affected Linux kernel versions are 4.16.1 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.78, 6.13 to 6.18.20, 6.19 to 6.19.10, and 7.0 rc1 to rc7.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-25
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-03-25
- Advisory updated
- 2026-07-14
Who should care
This vulnerability affects Linux kernel versions 4.16.1 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.78, 6.13 to 6.18.20, 6.19 to 6.19.10, and 7.0 rc1 to rc7. Users of these versions should take immediate action to mitigate the vulnerability. The operators, platform, vulnerability-management, and security teams should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability is caused by a use-after-free error in the netfilter subsystem, specifically in the nf_tables component. The error occurs when the flowtable is released after an RCU grace period on error, allowing a hook that already refers to this flowtable to be registered. This can be exploited by an attacker to execute arbitrary code or cause a denial-of-service (DoS) attack. The affected Linux kernel versions are 4.16.1 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.78, 6.13 to 6.18.20, 6.19 to 6.19.10, and 7.0 rc1 to rc7.
Defensive priority
High
Recommended defensive actions
- Apply patches from Linux kernel maintainers
- Update Linux kernel to a version that is not vulnerable
- Implement compensating controls, such as firewall rules or intrusion detection systems
- Monitor system logs for suspicious activity
- Perform regular vulnerability scans and penetration testing
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The vulnerability was reported by KASAN and is described as a use-after-free error in the netfilter subsystem. The CVE record was published on 2026-03-25T11:16:39.873Z and last modified on 2026-07-14T13:18:32.290Z. The affected product deployments should be reviewed for potential exposure.
Official resources
-
CVE-2026-23392 CVE record
CVE.org
-
CVE-2026-23392 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Source reference
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:39.873Z and has not been modified since then.