CVE-2026-43026

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the netfilter component where the ctnetlink alloc expect() function allocates expectations from a non-zeroing slab cache via nf ct expect alloc(). When CTA EXPECT NAT is absent from the netlink message, the saved addr and saved proto variables are not initialized. This allows stale data from a previous slab occupant to be leaked to userspace by the ctnetlink exp dump expect() function, which uses these fields to determine whether to emit CTA EXPECT NAT.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.