CVE-2026-43060

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft ct: drop pending enqueued packets on removal

Packets sitting in nfqueue might hold a reference to:

templates that specify the conntrack zone, because a percpu area is used and module removal is possible.
conntrack timeout policies and helper, where object removal leave a stale reference.

Since these objects can just go away, drop enqueued packets to avoid stale reference to them.

If there is a need for finer grain removal, this logic can be revisited to make selective packet drop upon dependencies.

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-43060

Linux