CVE-2026-43451
Memory Leak in Linux Kernel Netfilter
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's netfilter component, specifically in the nfnetlink_queue subsystem. When processing certain network packets related to bridging (PF_BRIDGE packets), an error in parsing VLAN attributes causes the function to return early without properly freeing allocated resources. This results in a memory leak of queue entries and associated network buffers, which also hold references to network devices and structures.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been fixed in the Linux kernel by correcting the error handling in the netfilter nfnetlink_queue code. To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.
Specifically, ensure your system is running a kernel version released after 2026-05-08 that contains the patch for the nfnetlink_queue entry leak in the bridge verdict error path.
How can this vulnerability impact me?
The vulnerability causes a memory leak in the kernel by not freeing certain network queue entries and their associated resources when an error occurs. Repeatedly triggering this condition can exhaust kernel memory, potentially leading to degraded system performance, instability, or crashes.
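The early-return leak and its cumulative effect described in the answers above, as an added user-space model (not kernel source and not the upstream patch). All names here (`entry_get`, `parse_vlan`, `verdict_leaky`, `verdict_fixed`, the 64-slot pool) are hypothetical stand-ins chosen for illustration.

```c
/* User-space model, constructed for illustration; not kernel source. */
#include <stdbool.h>
#include <stdio.h>

#define POOL 64  /* finite pool standing in for kernel memory (assumption) */
struct entry { bool in_use; int skb_refs; int dev_refs; };
static struct entry pool[POOL];

struct entry *entry_get(void) {              /* entry taken off the queue */
    for (int i = 0; i < POOL; i++)
        if (!pool[i].in_use) {
            pool[i] = (struct entry){ true, 1, 1 };  /* pins skb and device */
            return &pool[i];
        }
    return NULL;                             /* nothing left to allocate */
}
void entry_free(struct entry *e) { *e = (struct entry){ false, 0, 0 }; }
int parse_vlan(bool malformed) { return malformed ? -1 : 0; } /* hypothetical */

/* Leaky shape: the function owns the entry when VLAN parsing fails. */
int verdict_leaky(bool bridge, bool malformed) {
    struct entry *e = entry_get();
    if (!e) return -2;
    if (bridge && parse_vlan(malformed) < 0)
        return -1;          /* early return: entry, skb and device ref leak */
    entry_free(e);          /* normal path releases everything */
    return 0;
}

/* Corrected shape: the error path releases what it owns before returning. */
int verdict_fixed(bool bridge, bool malformed) {
    struct entry *e = entry_get();
    int err = 0;
    if (!e) return -2;
    if (bridge && parse_vlan(malformed) < 0)
        err = -1;
    entry_free(e);
    return err;
}

int outstanding(void) {     /* entries never returned to the pool */
    int n = 0;
    for (int i = 0; i < POOL; i++) n += pool[i].in_use;
    return n;
}
int run_failures(int (*fn)(bool, bool), int n) { /* n failing bridge verdicts */
    int last = 0;
    for (int i = 0; i < POOL; i++) entry_free(&pool[i]);   /* reset model */
    for (int i = 0; i < n; i++) last = fn(true, true);
    return last;
}
int main(void) {
    printf("leaky: rc=%d outstanding=%d\n", run_failures(verdict_leaky, POOL + 1), outstanding());
    printf("fixed: rc=%d outstanding=%d\n", run_failures(verdict_fixed, POOL + 1), outstanding());
    return 0;
}
```

In the leaky variant every failed parse strands one entry, so the pool runs dry and later calls fail outright. The corrected variant returns the same parse error but leaves nothing outstanding.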