
CVE-2026-23111: Typo in Linux Kernel Enables Root Privilege Escalation


Bottom Line: A single misplaced punctuation mark in the nf_tables subsystem enables memory compromise and unauthorized root privilege escalation on Linux systems.

A vulnerability in the nf_tables subsystem of the Linux kernel (CVE-2026-23111) allows local users to escalate privileges to root level. An improperly placed exclamation mark in the source code causes a use-after-free error that is already being exploited.

CVE-2026-23111 is located in the nf_tables subsystem of the Linux kernel, which provides packet filtering and firewall rule management and replaces older tools such as iptables. The cause is an improperly placed exclamation mark in the source code, which leads to a use-after-free error and corrupts kernel memory management.

A local, unprivileged user can exploit this vulnerability by manipulating the deletion process of verdicts in the nf_tables framework. These verdicts determine whether a network packet meets firewall rules. When rule tables are deleted, so-called catchall elements are disabled and the reference counter of the associated chain is decremented. Due to the logic error, this abort process can be manipulated so that the counter is decremented arbitrarily many times and the chain is freed while other objects still reference it. This results in a use-after-free condition with full memory control.
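The article does not show the affected kernel code, so the following added example (not from the original article or the kernel source) is a constructed user-space model of the bug class described above: a negated guard in an abort path that fails to restore a reference dropped by the delete path. All names, and the assumption that a rollback makes the element visible again, are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model; every name here is hypothetical. */
struct chain { int use; bool freed; };
struct elem  { struct chain *target; bool active; };

/* Delete path: deactivate the element and drop its reference on the chain. */
static void elem_deactivate(struct elem *e)
{
    if (!e->active)
        return;
    e->active = false;
    if (--e->target->use == 0)
        e->target->freed = true;   /* last reference gone: object released */
}

/* Abort path: undo a delete. The guard must skip elements that are still
 * active. With stray_bang set the test is negated, so the deactivated
 * element is skipped and its reference is never taken back. */
static void elem_abort(struct elem *e, bool stray_bang)
{
    bool skip = stray_bang ? !e->active : e->active;

    e->active = true;              /* assumption: rollback re-exposes the element */
    if (!skip)
        e->target->use++;          /* restore the reference dropped on delete */
}

/* Run n delete+abort cycles and return the resulting reference count. */
static int run_cycles(struct chain *c, int n, bool stray_bang)
{
    struct elem e = { .target = c, .active = true };

    for (int i = 0; i < n && !c->freed; i++) {
        elem_deactivate(&e);
        elem_abort(&e, stray_bang);
    }
    return c->use;
}

int main(void)
{
    /* use = 2: one reference from the element, one from another holder. */
    struct chain ok = { 2, false }, bad = { 2, false };

    printf("correct guard: use=%d freed=%d\n", run_cycles(&ok, 3, false), ok.freed);
    printf("negated guard: use=%d freed=%d\n", run_cycles(&bad, 3, true), bad.freed);
    return 0;
}
```

In the negated case the chain is released while the second holder still counts on it, which is the use-after-free condition the article describes.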

The vulnerability was already fixed by Linux kernel developers in February 2026. However, starting in April 2026, several functional proofs of concept appeared: FuzzingLabs published a proof of concept, and Exodus Intelligence provided an additional exploit that works on Debian and Ubuntu. With working exploits now available, CISOs and system administrators need to apply the kernel update promptly, as the vulnerability is locally exploitable and has far-reaching implications.


Source: www.it-daily.net · Published June 15, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification via Lumi News Pipeline v1.7.1.
