230 matches found
CVE-2026-43329
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an insufficiently strict check on the number of hardware in the netfilter flowtable. This issue may...
Linux Distros Unpatched Vulnerability : CVE-2026-43329
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4...
PT-2026-38980
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter flowtable component where the system fails to strictly check for the maximum number of supported actions. In IPv6 setups, the required number of hardware...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: Fixed issues where stuck flows occurred during cleanup due to pending work. To clear the flow table when it becomes free, the following sequence typically occurs: 1 The gcstep operation is stopped to disable...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header; validate it once before the flowtable lookup. ===================================================== BUG:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable – incorrect pppoe tuple PPPoE traffic that reaches the ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Unregistering flowtable hooks upon netns exit. Unregistering flowtable hooks before they are released via nftablesflowtabledestroy; otherwise, the hook code may report a Use-After-Free error. BUG: KASAN:...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable – validate the pppoe header Ensure that there is sufficient space to access the protocol field of the PPPoe header. Validate this once before the flowtable lookup, and then use a helper function to access the...
netfilter: nf_tables: release flowtable after rcu grace period on error
...
SUSE CVE-2026-23392
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flowtable after rcu grace period on error Call synchronizercu after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already registered, exposing this...
CVE-2026-23392
A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...
EUVD-2026-15393
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flowtable after rcu grace period on error Call synchronizercu after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already registered, exposing this...
CVE-2026-23392
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flowtable after rcu grace period on error Call synchronizercu after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already registered, exposing this...
CVE-2026-23392
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flowtable after rcu grace period on error Call synchronizercu after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already registered, exposing this...
CVE-2026-23392
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flowtable after rcu grace period on error Call synchronizercu after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already registered, exposing this...
CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flowtable after rcu grace period on error Call synchronizercu after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already registered, exposing this...
CVE-2026-23392
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flowtable after rcu grace period on error Call synchronizercu after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already registered, exposing this...
CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: release flowtable after rcu grace period on error Call synchronizercu after unregistering the hooks from error path, since a hook that already refers to this flowtable can be already registered, exposing this...
CVE-2026-23392
The CVE-2026-23392 vulnerability affects the Linux kernel nf_tables flowtable handling. Root cause: during error paths, a hook may still reference a flowtable, exposing it to the packet path and nfnetlink control plane. The fix inserts synchronize_rcu() after unregistering hooks (rcu grace period...