kernel: netfilter: ctnetlink: ensure safe access to master conntrack

A flaw was found in the netfilter: ctnetlink component of the Linux kernel. This vulnerability occurs due to insufficient locking when accessing the master conntrack object, allowing it to become invalid while still being referenced. A local attacker could potentially exploit this race condition,...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: Use a helper function to calculate the expected ID. The deletion of the expectation path requires a call to the nfexpectgetid helper function to calculate the expected ID. Otherwise, the ID of the expectatio...

SUSE CVE-2026-43116

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp-master invalid. To access exp-master safely: - Grab the...

EUVD-2026-27641

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp-master invalid. To access exp-master safely: - Grab the...

CVE-2026-43116

A flaw was found in the netfilter: ctnetlink component of the Linux kernel. This vulnerability occurs due to insufficient locking when accessing the master conntrack object, allowing it to become invalid while still being referenced. A local attacker could potentially exploit this race condition,...

CVE-2026-43116

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp-master invalid. To access exp-master safely: - Grab the...

CVE-2026-43116

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp-master invalid. To access exp-master safely: - Grab the...

CVE-2026-43116

The CVE-2026-43116 issue affects the Linux kernel’s netfilter ctnetlink master conntrack handling. The root cause is insufficient locking around the master conntrack object, which can become invalid while still referenced (exp->master). The fix extends the nf_conntrack_expect_lock and the spin...

CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp-master invalid. To access exp-master safely: - Grab the...

PT-2026-37426

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the netfilter ctnetlink component allows for unsafe access to the master conntrack object. Holding a reference to the expectation is insufficient because the master conntrack...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from accessing exp-master in ctnetlink without properly securing the master connection tracking object,...

Linux Distros Unpatched Vulnerability : CVE-2026-43116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go awa...

SUSE CVE-2026-43025

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not really supported and it just makes validation more complicated, so just ignore what helper userspace...

SUSE CVE-2026-43026

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: zero expect NAT fields when CTAEXPECTNAT absent ctnetlinkallocexpect allocates expectations from a non-zeroing slab cache via nfctexpectalloc. When CTAEXPECTNAT is not present in the netlink message, savedad...

Astra Linux - уязвимость в linux

In the Linux kernel up to version 5.8.7, local attackers who were able to inject conntrack netlink configurations could exploit an overflow in a local buffer, resulting in crashes or triggering the use of incorrect protocol numbers in ctnetlinkparsetuplefilter in net/netfilter/nfconntracknetlink....

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: ctnetlink: fixed a refcount leak during table dump There is a reference count leak in ctnetlinkdumptable: if res ctgeneral; // HERE cb-args1 = unsigned longct; … Although it’s very unlikely, it’s possible that ct ==...

Linux Distros Unpatched Vulnerability : CVE-2026-43025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not really supported and it just mak...

Linux Distros Unpatched Vulnerability : CVE-2026-43026

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: ctnetlink: zero expect NAT fields when CTAEXPECTNAT absent ctnetlinkallocexpect allocates expectations from a non-zeroing slab cache via...

CVE-2026-43026

A flaw was found in the Linux kernel's netfilter component, specifically within the ctnetlink module. This vulnerability occurs because certain fields are not properly initialized when a new connection tracking expectation is created without the Network Address Translation NAT expectation...

CVE-2026-43026

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: zero expect NAT fields when CTAEXPECTNAT absent ctnetlinkallocexpect allocates expectations from a non-zeroing slab cache via nfctexpectalloc. When CTAEXPECTNAT is not present in the netlink message, savedad...