CVE-2026-43084
Use-After-Free in Linux Kernel nfnetlink_queue
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's netfilter nfnetlink_queue component. It arises because a global hash table is shared among all queues, which can lead to a crash due to a use-after-free bug. Specifically, the structure nf_queue_entry is freed using kfree, but a parallel CPU might still access this freed entry when traversing the list, causing a kernel crash.
The issue occurs in the function nfqnl_recv_verdict, and the problem is related to memory management and concurrency. An alternative fix involves using kfree_rcu() to free nf_queue_entry, but this would increase memory pressure because allocations and frees happen for each skb.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash due to a use-after-free error in the netfilter nfnetlink_queue subsystem. Such crashes can lead to system instability, denial of service, and potential disruption of network packet processing.