Out-of-bounds read in Linux kernel - CVE-2026-43453
Published: May 8, 2026
Vulnerability identifier: #VU130720
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43453
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to disclose sensitive information.
The vulnerability exists due to out-of-bounds read in pipapo_drop() when processing nftables set data. A local attacker can trigger the vulnerable code path to disclose sensitive information.
The issue occurs on the last iteration when evaluating rulemap[i + 1].n, causing a read 4 bytes past the end of the stack-allocated rulemap array.
How to mitigate CVE-2026-43453
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/0a55d62cdb628923d8a21724374a70c76ac7d19d
- https://git.kernel.org/stable/c/1957e793196e7f8557374fd4eda53abcbb42e1c0
- https://git.kernel.org/stable/c/324b749aa5b2d516ccfab933df9d3f56e7807f5f
- https://git.kernel.org/stable/c/57fb87ca095d5127cd7a27583b8ec43dcf7c9e9e
- https://git.kernel.org/stable/c/60c1d18781e37bfb96290b86510eb01c5fa24d75
- https://git.kernel.org/stable/c/d6d8cd2db236a9dd13dbc2d05843b3445cc964b5
- https://git.kernel.org/stable/c/dfbdac719198778b581bc0dd055df2542edb8c62
- https://git.kernel.org/stable/c/e047f6fbb975f685d6c9fcef95b3b7787a79b46d