VYPR
Medium severity5.5NVD Advisory· Published May 8, 2026· Updated May 21, 2026

CVE-2026-43451

CVE-2026-43451

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path

nfqnl_recv_verdict() calls find_dequeue_entry() to remove the queue entry from the queue data structures, taking ownership of the entry. For PF_BRIDGE packets, it then calls nfqa_parse_bridge() to parse VLAN attributes. If nfqa_parse_bridge() returns an error (e.g. NFQA_VLAN present but NFQA_VLAN_TCI missing), the function returns immediately without freeing the dequeued entry or its sk_buff.

This leaks the nf_queue_entry, its associated sk_buff, and all held references (net_device refcounts, struct net refcount). Repeated triggering exhausts kernel memory.

Fix this by dropping the entry via nfqnl_reinject() with NF_DROP verdict on the error path, consistent with other error handling in this file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Linux/Kernel5 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=4.7,<5.10.253
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.