7 matches found
EUVD-2026-28757
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: fix entry leak in bridge verdict error path nfqnlrecvverdict calls finddequeueentry to remove the queue entry from the queue data structures, taking ownership of the entry. For PFBRIDGE packets, it then...
CVE-2026-43451
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: fix entry leak in bridge verdict error path nfqnlrecvverdict calls finddequeueentry to remove the queue entry from the queue data structures, taking ownership of the entry. For PFBRIDGE packets, it then...
UBUNTU-CVE-2026-43451
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: fix entry leak in bridge verdict error path nfqnlrecvverdict calls finddequeueentry to remove the queue entry from the queue data structures, taking ownership of the entry. For PFBRIDGE packets, it then...
CVE-2026-43451 netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: fix entry leak in bridge verdict error path nfqnlrecvverdict calls finddequeueentry to remove the queue entry from the queue data structures, taking ownership of the entry. For PFBRIDGE packets, it then...
CVE-2026-43451
Summary of CVE-2026-43451 (Linux kernel): The nfnetlink_queue entry leak occurs in the bridge verdict error path. When nfqnl_recv_verdict() dequeues an entry for PF_BRIDGE packets and nfqa_parse_bridge() returns an error (for example VLAN TCI missing when VLAN is present), the code returns withou...
No title provided
REJECTED CVE An issue was identified in the Linux kernel's netfilter subsystem related to nftables. The issue occurs when a positive value, such as NFACCEPT, is provided in the upper 16 bits of NFDROP verdict parameters, which are expected to contain valid errno values e.g., -EPERM. This improper...
kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function
A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nftverdictinit function, allowing positive values as a drop error within the hook verdict, therefore, the nfhookslow function can cause a double-free vulnerability when NFDROP is issued with a drop error tha...