DigiNews

Summary

Exodus Intelligence analyzes a use-after-free vulnerability in the nftables portion of the Linux kernel (CVE-2026-23111) that was discovered in early 2025 and patched upstream in February 2026. The post provides a deep dive into the nftables data structures, generation masks, and abort/commit semantics that enable a UAF when manipulating pipapo verdict maps, and demonstrates a local privilege escalation from an unprivileged user to root on multiple Debian/Ubuntu releases. It also covers exploitation steps at a high level, addresses cross-distro differences, and discusses defensive mitigations and monitoring considerations.