PT-2026-37395 · Linux · Linux Kernel

Published 2026-05-06 · Updated 2026-05-06 · CVE-2026-43085

Severity: None. No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw in the netfilter nfnetlink_log component allows the leakage of four bytes of stale kernel heap data to userspace. This occurs when batching multiple NFLOG messages, where the __nfulnl_send() function appends an NLMSG_DONE terminator using nlmsg_put(). Because nlmsg_put() only zeroes alignment padding and not the nfgenmsg payload itself, uninitialized data is exposed.

Recommendations

Update the Linux kernel to a version where nfnl_msg_put() is used to build the NLMSG_DONE terminator, ensuring the nfgenmsg payload is properly initialized via nfnl_fill_hdr().
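
The following is an added userspace model of the behaviour described above, not kernel source and not code from this advisory. The names hdr, gen, model_put, done_unfixed, done_fixed and stale_bytes are hypothetical, and the 0xAA fill is a constructed stand-in for old heap contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALIGN4(n) (((n) + 3u) & ~3u)
#define MSG_DONE  3     /* numeric value of NLMSG_DONE */
#define STALE     0xAA  /* constructed marker for leftover heap data */
struct hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; }; /* like nlmsghdr */
struct gen { uint8_t family, version; uint16_t res_id; };              /* like nfgenmsg */

/* Model of nlmsg_put(): writes the header and zeroes only the alignment padding. */
static void *model_put(uint8_t *buf, uint16_t type, uint32_t payload)
{
    struct hdr h = { .len = sizeof(h) + payload, .type = type };
    memcpy(buf, &h, sizeof(h));
    memset(buf + h.len, 0, ALIGN4(h.len) - h.len); /* 0 bytes for a 4-byte payload */
    return buf + sizeof(h);
}

/* Before the fix: payload space is reserved but never written. */
static void done_unfixed(uint8_t *buf)
{
    model_put(buf, MSG_DONE, sizeof(struct gen));
}

/* After the fix: the nfgenmsg fields are filled, as nfnl_fill_hdr() does. */
static void done_fixed(uint8_t *buf, uint8_t family, uint16_t res_id)
{
    struct gen g = { .family = family, .version = 0, .res_id = res_id };
    memcpy(model_put(buf, MSG_DONE, sizeof(g)), &g, sizeof(g));
}

/* Build a terminator in a "dirty" buffer and count payload bytes left stale. */
static int stale_bytes(int fixed)
{
    uint8_t buf[32];
    int n = 0;
    memset(buf, STALE, sizeof(buf));
    if (fixed) done_fixed(buf, 0, 0); else done_unfixed(buf);
    for (size_t i = sizeof(struct hdr); i < sizeof(struct hdr) + sizeof(struct gen); i++)
        n += buf[i] == STALE;
    return n;
}

int main(void)
{
    printf("unfixed: %d stale bytes, fixed: %d\n", stale_bytes(0), stale_bytes(1));
    return 0;
}
```

Because the header (16 bytes) plus the 4-byte payload is already 4-byte aligned, the padding memset covers nothing, which is why exactly the four payload bytes stay uninitialized in the unfixed path.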

Related Identifiers

CVE-2026-43085

Affected Products

Linux Kernel