目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2026-23111— Linux kernel 安全漏洞

CVSS 7.8 · High EPSS 0.34% · P27

影响版本矩阵 24

厂商产品版本范围状态
LinuxLinux25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8< 8c760ba4e36c750379d13569f23f5a6e185333f5affected
d60be2da67d172aecf866302c91ea11533eca4d9< b9b6573421de51829f7ec1cce76d85f5f6fbbd7faffected
628bd3e49cba1c066228e23d71a852c23e26da73< 42c574c1504aa089a0a142e4c13859327570473daffected
628bd3e49cba1c066228e23d71a852c23e26da73< 1444ff890b4653add12f734ffeffc173d42862ddaffected
628bd3e49cba1c066228e23d71a852c23e26da73< 8b68a45f9722f2babe9e7bad00aa74638addf081affected
628bd3e49cba1c066228e23d71a852c23e26da73< f41c5d151078c5348271ffaf8e7410d96f2d82f8affected
bc9f791d2593f17e39f87c6e2b3a36549a3705b1affected
3c7ec098e3b588434a8b07ea9b5b36f04cef1f50affected
… +16 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2026-23111 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() and compared to what is logically required. nft_map_catchall_activate() is called from the abort path to re-activate catchall map elements that were deactivated during a failed transaction. It should skip elements that are already active (they don't need re-activation) and process elements that are inactive (they need to be restored). Instead, the current code does the opposite: it skips inactive elements and processes active ones. Compare the non-catchall activate callback, which is correct: nft_mapelem_activate(): if (nft_set_elem_active(ext, iter->genmask)) return 0; /* skip active, process inactive */ With the buggy catchall version: nft_map_catchall_activate(): if (!nft_set_elem_active(ext, genmask)) continue; /* skip inactive, process active */ The consequence is that when a DELSET operation is aborted, nft_setelem_data_activate() is never called for the catchall element. For NFT_GOTO verdict elements, this means nft_data_hold() is never called to restore the chain->use reference count. Each abort cycle permanently decrements chain->use. Once chain->use reaches zero, DELCHAIN succeeds and frees the chain while catchall verdict elements still reference it, resulting in a use-after-free. This is exploitable for local privilege escalation from an unprivileged user via user namespaces + nftables on distributions that enable CONFIG_USER_NS and CONFIG_NF_TABLES. Fix by removing the negation so the check matches nft_mapelem_activate(): skip active elements, process inactive ones.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于nft_map_catchall_activate函数中存在反向的生成掩码检查逻辑错误,可能导致事务回滚时元素状态处理不当。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8 ~ 8c760ba4e36c750379d13569f23f5a6e185333f5 -
LinuxLinux 6.4 -

二、漏洞 CVE-2026-23111 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2026-23111 的情报信息

登录查看更多情报信息。

IV. Related Vulnerabilities

V. Comments for CVE-2026-23111

暂无评论


发表评论