netfilter: bpf: defer hook memory release until rcu readers are done

Description

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.129/6.12.77/6.18.19/6.19.9/7.0-rc4. This affects the function nfnetlink_hooks of the component netfilter. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2026-23412. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.

Affected Products

Vendor	Product	Versions
linux	linux kernel	84601d6ee68ae820dec97450934797046d62db4b, 84601d6ee68ae820dec97450934797046d62db4b, 84601d6ee68ae820dec97450934797046d62db4b, 84601d6ee68ae820dec97450934797046d62db4b, 84601d6ee68ae820dec97450934797046d62db4b, 6.4, 6.6.129, 6.12.77, 6.18.19, 6.19.9, 7.0-rc4

References

Related News (2 articles)

Tier C

VulDB4h ago

CVE-2026-23412 | Linux Kernel up to 6.6.129/6.12.77/6.18.19/6.19.9/7.0-rc4 netfilter nfnetlink_hooks use after free

→ No new info (linked only)

Tier C

Linux Kernel CVEs5h ago

CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

d016c216bc75c45128160593a77b864a04dbe7c0cb2bf5efdb02a2a59faf603604a1066e8266f349c25e0dec366ae99b7264324ce3c7cbaea34691f954244d54a971c26a0cd0a9073460ff71f3c51b3224f90fa3994b992d1a09003a3db2599330a5232a06.6.1306.12.786.18.206.19.107.0-rc5

CWECWE-416

PublishedApr 2, 2026

Last enriched4h agov2

Trending Score30

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack