Fedora Account System
Red Hat Associate
Red Hat Customer
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable after rcu grace period on error Call synchronize_rcu() after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already registered, exposing this flowtable to packet path and nfnetlink_hook control plane. This error path is rare, it should only happen by reaching the maximum number hooks or by failing to set up to hardware offload, just call synchronize_rcu(). There is a check for already used device hooks by different flowtable that could result in EEXIST at this late stage. The hook parser can be updated to perform this check earlier to this error path really becomes rarely exercised. Uncovered by KASAN reported as use-after-free from nfnetlink_hook path when dumping hooks.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026032548-CVE-2026-23392-fd9d@gregkh/T
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:21557 https://access.redhat.com/errata/RHSA-2026:21557
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:21556 https://access.redhat.com/errata/RHSA-2026:21556
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions Via RHSA-2026:23237 https://access.redhat.com/errata/RHSA-2026:23237
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:23224 https://access.redhat.com/errata/RHSA-2026:23224
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:24343 https://access.redhat.com/errata/RHSA-2026:24343
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:25120 https://access.redhat.com/errata/RHSA-2026:25120
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:25121 https://access.redhat.com/errata/RHSA-2026:25121
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:26462 https://access.redhat.com/errata/RHSA-2026:26462
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:26515 https://access.redhat.com/errata/RHSA-2026:26515
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:26535 https://access.redhat.com/errata/RHSA-2026:26535
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:26563 https://access.redhat.com/errata/RHSA-2026:26563
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On Via RHSA-2026:26570 https://access.redhat.com/errata/RHSA-2026:26570