Linux kernel hit by another nftables local privilege escalation vulnerability, CVE-2026-23111; attackers can escalate to root and break out of containers

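Threat intelligence firm Exodus Intelligence discovered the vulnerability CVE-2026-23111 in early 2025. The flaw resides in the nftables subsystem of the Linux kernel, in the nft_map_catchall_activate() function: an extra exclamation mark (!) in a conditional inverts the logic, so that when handling a transaction abort the kernel wrongly skips some required steps and the reference count of the related chain keeps decreasing. Once the count reaches zero, the system may free a memory region that other objects still reference, resulting in a use-after-free. After being notified, the Linux development team completed the patch on February 5,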

Off By !: Exploiting a Use-after-Free in the Linux Kernel - Exodus Intelligence

By Oliver Sieber. Overview: In this blog post, we discuss a use-after-free vulnerability that we found in the nftables subsystem of the Linux kernel in early 2025. This vulnerability was patched upstream on 5 February 2026 and assigned CVE-2026-23111. This blog post covers a technical analysis of the vulnerability and how we exploited it to perform a local ...

blog.exodusintel.com
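
The reference-count imbalance described in the article above, as an added user-space model that is not the kernel's code or Exodus Intelligence's: every struct and function name here is hypothetical, and the step that marks the element live again after an abort is an assumption made to keep the model small. It runs the same delete-then-abort cycle through an undo handler with the intended test and one with the stray `!`.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model. All names are hypothetical, not kernel code. */
struct chain { int use; };                          /* reference count */
struct elem  { struct chain *target; bool active; };

/* Prepare phase of a delete: the element gives up its chain reference. */
static void elem_deactivate(struct elem *e)
{
    e->active = false;
    e->target->use--;
}

/* Abort path, intended logic: give the reference back to inactive elements. */
static void elem_activate_fixed(struct elem *e)
{
    if (e->active)
        return;              /* was never deactivated, nothing to restore */
    e->target->use++;
}

/* Abort path with the stray '!': skips exactly the elements that need it. */
static void elem_activate_buggy(struct elem *e)
{
    if (!e->active)
        return;              /* inverted test: the restore step never runs */
    e->target->use++;
}

/* Run delete-then-abort cycles; return the chain's final reference count. */
static int run_cycles(void (*activate)(struct elem *), int cycles)
{
    struct chain c = { .use = 2 };  /* constructed: element + one other holder */
    struct elem e = { .target = &c, .active = true };

    for (int i = 0; i < cycles; i++) {
        elem_deactivate(&e);
        activate(&e);        /* abort handler */
        e.active = true;     /* assumption: rollback marks the element live again */
    }
    return c.use;            /* e.target still points at c either way */
}

int main(void)
{
    printf("fixed: use=%d\n", run_cycles(elem_activate_fixed, 2));
    printf("buggy: use=%d\n", run_cycles(elem_activate_buggy, 2));
    return 0;
}
```

With the inverted test the count falls by one per aborted transaction and reaches zero while the element still points at the chain, which is the state in which a free would leave a dangling reference.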