What is CVE-2026-23412?

CVE-2026-23412 is a high-severity vulnerability in Linux. CVSS score: 7.8/10. Published 2026-04-02.

How severe is CVE-2026-23412?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Linux

CVE-2026-23412

In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: defer hook memory release until rcu readers are done Yiming Qian reports UaF when concurrent process is dumping hooks via nfnetlink_hooks: BUG: KASAN: s…

EPSS: 0.000 (3.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Linux — versions 84601d6ee68ae820dec97450934797046d62db4b, 6.4, 0

References

git.kernel.org/stable/c/d016c216bc75c45128160593a77b864a04dbe7c0
git.kernel.org/stable/c/cb2bf5efdb02a2a59faf603604a1066e8266f349
git.kernel.org/stable/c/c25e0dec366ae99b7264324ce3c7cbaea34691f9
git.kernel.org/stable/c/54244d54a971c26a0cd0a9073460ff71f3c51b32
git.kernel.org/stable/c/24f90fa3994b992d1a09003a3db2599330a5232a

Frequently asked questions

What is CVE-2026-23412?: CVE-2026-23412 is a high-severity vulnerability in Linux. CVSS score: 7.8/10. Published 2026-04-02.
How severe is CVE-2026-23412?: High severity. CVSS v3 base score is 7.8 out of 10.