Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-43084

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-06 May, 2026 | 07:40
Updated At-06 May, 2026 | 07:40
Rejected At-
Credits

netfilter: nfnetlink_queue: make hash table per queue

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause crash: BUG: KASAN: slab-use-after-free in nfqnl_recv_verdict+0x11ac/0x15e0 [nfnetlink_queue] [..] nfqnl_recv_verdict+0x11ac/0x15e0 [nfnetlink_queue] nfnetlink_rcv_msg+0x46a/0x930 kmem_cache_alloc_node_noprof+0x11e/0x450 struct nf_queue_entry is freed via kfree, but parallel cpu can still encounter such an nf_queue_entry when walking the list. Alternative fix is to free the nf_queue_entry via kfree_rcu() instead, but as we have to alloc/free for each skb this will cause more mem pressure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:06 May, 2026 | 07:40
Updated At:06 May, 2026 | 07:40
Rejected At:
▼CVE Numbering Authority (CNA)
netfilter: nfnetlink_queue: make hash table per queue

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause crash: BUG: KASAN: slab-use-after-free in nfqnl_recv_verdict+0x11ac/0x15e0 [nfnetlink_queue] [..] nfqnl_recv_verdict+0x11ac/0x15e0 [nfnetlink_queue] nfnetlink_rcv_msg+0x46a/0x930 kmem_cache_alloc_node_noprof+0x11e/0x450 struct nf_queue_entry is freed via kfree, but parallel cpu can still encounter such an nf_queue_entry when walking the list. Alternative fix is to free the nf_queue_entry via kfree_rcu() instead, but as we have to alloc/free for each skb this will cause more mem pressure.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/netfilter/nf_queue.h
  • net/netfilter/nfnetlink_queue.c
Default Status
unaffected
Versions
Affected
  • From 371de2bef6582a3f58049b3d18e190924af9c9a0 before 22730cb96093b5be0609063bbb1923dbecd61252 (git)
  • From 870e3e63da8e88daffe9d692a025c711658018a8 before 41e3652a178cb0eecd48e0e6e27fbb73a004046a (git)
  • From 70e2e3ce4f6841e12ec1c104fc76c0e707398ec4 before 9e5ebef91120d2764aefe557c3a484b6288f341f (git)
  • From e19079adcd26a25d7d3e586b1837493361fdf8b6 before 936206e3f6ff411581e615e930263d6f8b78df9d (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • include/net/netfilter/nf_queue.h
  • net/netfilter/nfnetlink_queue.c
Default Status
unaffected
Versions
Affected
  • From 6.12.75 before 6.12.83 (semver)
  • From 6.18.14 before 6.18.24 (semver)
  • From 6.19.4 before 6.19.14 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/22730cb96093b5be0609063bbb1923dbecd61252
N/A
https://git.kernel.org/stable/c/41e3652a178cb0eecd48e0e6e27fbb73a004046a
N/A
https://git.kernel.org/stable/c/9e5ebef91120d2764aefe557c3a484b6288f341f
N/A
https://git.kernel.org/stable/c/936206e3f6ff411581e615e930263d6f8b78df9d
N/A
Hyperlink: https://git.kernel.org/stable/c/22730cb96093b5be0609063bbb1923dbecd61252
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/41e3652a178cb0eecd48e0e6e27fbb73a004046a
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/9e5ebef91120d2764aefe557c3a484b6288f341f
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/936206e3f6ff411581e615e930263d6f8b78df9d
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:06 May, 2026 | 10:16
Updated At:06 May, 2026 | 10:16

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause crash: BUG: KASAN: slab-use-after-free in nfqnl_recv_verdict+0x11ac/0x15e0 [nfnetlink_queue] [..] nfqnl_recv_verdict+0x11ac/0x15e0 [nfnetlink_queue] nfnetlink_rcv_msg+0x46a/0x930 kmem_cache_alloc_node_noprof+0x11e/0x450 struct nf_queue_entry is freed via kfree, but parallel cpu can still encounter such an nf_queue_entry when walking the list. Alternative fix is to free the nf_queue_entry via kfree_rcu() instead, but as we have to alloc/free for each skb this will cause more mem pressure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/22730cb96093b5be0609063bbb1923dbecd61252416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/41e3652a178cb0eecd48e0e6e27fbb73a004046a416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/936206e3f6ff411581e615e930263d6f8b78df9d416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
https://git.kernel.org/stable/c/9e5ebef91120d2764aefe557c3a484b6288f341f416baaa9-dc9f-4396-8d5f-8c081fb06d67
N/A
Hyperlink: https://git.kernel.org/stable/c/22730cb96093b5be0609063bbb1923dbecd61252
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/41e3652a178cb0eecd48e0e6e27fbb73a004046a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/936206e3f6ff411581e615e930263d6f8b78df9d
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/9e5ebef91120d2764aefe557c3a484b6288f341f
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found