https://aretiq.ai/tags/lpe/Recent content in Lpe on Aretiq AIHugoen-usMon, 18 May 2026 00:00:00 +0000https://aretiq.ai/research/vul260518-cve-2026-23412-linux-kernel-netfilter-bpf-hook-use-after-free-lpe/Mon, 18 May 2026 00:00:00 +0000https://aretiq.ai/research/vul260518-cve-2026-23412-linux-kernel-netfilter-bpf-hook-use-after-free-lpe/<h2 id="1-overview">1. Overview</h2> <p>A use-after-free vulnerability exists in the Linux kernel&rsquo;s BPF netfilter link implementation. The <code>bpf_nf_link_lops</code> operations structure uses synchronous deallocation (<code>.dealloc</code>) instead of RCU-deferred freeing (<code>.dealloc_deferred</code>), allowing a use-after-free when concurrent hook enumeration via nfnetlink races with BPF link destruction. The UAF on the kmalloc-192 slab cache is exploitable for local privilege escalation through heap spray and function pointer hijacking. The Linux kernel community addressed this vulnerability in kernel version 7.0-rc5.</p>