SB2026050882 - Memory leak in Linux kernel netfilter
Published: May 8, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Memory leak (CVE-ID: CVE-2026-43451)
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a memory leak in nfqnl_recv_verdict() in nfnetlink_queue when parsing bridge VLAN attributes for PF_BRIDGE packets. A remote attacker can send a specially crafted netfilter queue verdict message to cause a denial of service.
Repeated triggering can exhaust kernel memory by leaking an nf_queue_entry, its associated sk_buff, and related references.
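The leak class described above (CWE-401 on an error path after ownership of a queued object has been taken), shown as an added example rather than kernel code or the upstream fix. It is a user-space model: `model_entry`, `handle_verdict`, `leaked_after_bad_verdicts` and the 4-byte attribute rule are all hypothetical, and the `fixed` flag switches between the leaking error path and one that releases the entry.

```c
/* User-space model of the leak pattern; all names are hypothetical, not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
static int live_objects;          /* entries + buffers currently allocated */

struct model_entry {              /* stands in for nf_queue_entry */
    unsigned char *skb;           /* stands in for the queued sk_buff */
    int is_bridge;                /* stands in for a PF_BRIDGE packet */
};

static struct model_entry *queue_packet(int is_bridge)
{
    struct model_entry *e = malloc(sizeof(*e));
    if (!e || !(e->skb = malloc(64))) abort();
    e->is_bridge = is_bridge;
    live_objects += 2;
    return e;
}

static void release_entry(struct model_entry *e)
{
    free(e->skb);
    free(e);
    live_objects -= 2;
}

/* Caller owns the dequeued entry. Constructed rule: VLAN attribute must be 4 bytes. */
static int handle_verdict(struct model_entry *e, size_t vlan_len, int fixed)
{
    int err = (e->is_bridge && vlan_len != 4) ? -EINVAL : 0;
    if (err < 0 && !fixed)
        return err;               /* leak: entry and buffer become unreachable */
    release_entry(e);             /* fixed error path and normal path release */
    return err;
}

int leaked_after_bad_verdicts(int n, int fixed)
{
    live_objects = 0;
    for (int i = 0; i < n; i++)
        handle_verdict(queue_packet(1), 3, fixed);   /* 3-byte attr: malformed */
    return live_objects;
}

int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_after_bad_verdicts(1000, 0), leaked_after_bad_verdicts(1000, 1));
    return 0;
}
```

In the model, every rejected verdict strands one entry and one buffer, so the leftover count grows linearly with the number of malformed messages until the error path releases what it owns.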
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0b18d1b834ab5a5009be70b530f978d7989e445b
- https://git.kernel.org/stable/c/208669df703a25a601f45822b10c413f258bf275
- https://git.kernel.org/stable/c/47b1c5d1b0944aa88299f55a846fabaefc756982
- https://git.kernel.org/stable/c/9853d94b82d303fc4ac37d592a23a154096ecd41
- https://git.kernel.org/stable/c/a907bea273b60d3e604ec4e8e1f6c49954805794
- https://git.kernel.org/stable/c/b38d2b4603fd3dda24eb8b3dd81c18a0930be97b
- https://git.kernel.org/stable/c/cf4a4df38d1747e06fc54f9879bd7a6f4178032f
- https://git.kernel.org/stable/c/f1ba83755d81c6fc66ac7acd723d238f974091e9