Memory leak in Linux kernel - CVE-2026-43451
Published: May 8, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a memory leak in nfqnl_recv_verdict() in nfnetlink_queue when parsing bridge VLAN attributes for PF_BRIDGE packets. A remote attacker can send a specially crafted netfilter queue verdict message to cause a denial of service.
Repeated triggering can exhaust kernel memory by leaking an nf_queue_entry, its associated sk_buff, and related references.
How to mitigate CVE-2026-43451
Sources
- https://git.kernel.org/stable/c/0b18d1b834ab5a5009be70b530f978d7989e445b
- https://git.kernel.org/stable/c/208669df703a25a601f45822b10c413f258bf275
- https://git.kernel.org/stable/c/47b1c5d1b0944aa88299f55a846fabaefc756982
- https://git.kernel.org/stable/c/9853d94b82d303fc4ac37d592a23a154096ecd41
- https://git.kernel.org/stable/c/a907bea273b60d3e604ec4e8e1f6c49954805794
- https://git.kernel.org/stable/c/b38d2b4603fd3dda24eb8b3dd81c18a0930be97b
- https://git.kernel.org/stable/c/cf4a4df38d1747e06fc54f9879bd7a6f4178032f
- https://git.kernel.org/stable/c/f1ba83755d81c6fc66ac7acd723d238f974091e9