5 matches found
CVE-2026-45859
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: do shared-unconfirmed check before segmentation Ulrich reports a regression with nfqueue: If an application did not set the 'FGSO' capability flag and a gso packet with an unconfirmed nfconn entry is...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftct: Skip the evaluation of rules for confirmed conntrack entries. The nftctexpectobjeval function calls nfctextadd for confirmed conntrack entries. However, nfctextadd can only be called when !nfctisconfirmed is...
CVE-2024-27415
In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nfconfirm logic cannot handle cloned skbs referencing the same nfconn entry, which will happen for multicast broadcast frames on bridges...
SUSE CVE-2021-47129
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: skip expectations for confirmed conntrack nftctexpectobjeval calls nfctextadd for a confirmed conntrack entry. However, nfctextadd can only be called for !nfctisconfirmed. 1825.349056 WARNING: CPU: 0 PID: 1279 a...
PT-2025-41079
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue was identified in the Linux kernel related to the netfilter conntrack functionality. The problem involves an incorrect timeout value for connection tracking entries ct-timeout...