PT-2026-37395 · Linux · Linux
Published: 2026-05-06 · Updated: 2026-05-06 · CVE-2026-43085
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator

When batching multiple NFLOG messages (inst->qlen > 1), __nfulnl_send()
appends an NLMSG_DONE terminator with sizeof(struct nfgenmsg) payload via
nlmsg_put(), but never initializes the nfgenmsg bytes. The nlmsg_put()
helper only zeroes alignment padding after the payload, not the payload
itself, so four bytes of stale kernel heap data are leaked to userspace
in the NLMSG_DONE message body.

Use nfnl_msg_put() to build the NLMSG_DONE terminator, which initializes
the nfgenmsg payload via nfnl_fill_hdr(), consistent with how
__build_packet_message() already constructs NFULNL_MSG_PACKET headers.
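
The behaviour described above, modelled in userspace C as an added example (not kernel code and not part of the advisory). The `model_*` names, the 0xA5 fill pattern standing in for stale heap contents, and the zero field values passed on the fixed path are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ALIGN4(n) (((n) + 3u) & ~(size_t)3u)
#define MODEL_NLMSG_DONE 3      /* value of NLMSG_DONE in the netlink uapi */
#define STALE 0xA5              /* constructed stand-in for old heap data */

/* Local models of the two structures; layouts match the 16- and 4-byte originals. */
struct model_nlmsghdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
struct model_nfgenmsg { uint8_t family, version; uint16_t res_id; };

/* Models nlmsg_put(): fills the header and zeroes only the padding that
 * follows the payload. The payload itself is left as it was in the buffer. */
static void *model_nlmsg_put(uint8_t *buf, uint16_t type, size_t payload)
{
    struct model_nlmsghdr h = { (uint32_t)(sizeof h + payload), type, 0, 0, 0 };
    size_t used = sizeof h + payload;
    memcpy(buf, &h, sizeof h);
    memset(buf + used, 0, ALIGN4(used) - used);  /* 0 bytes for a 4-byte payload */
    return buf + sizeof h;
}

/* Models the fixed path: same reservation, then every nfgenmsg field is written. */
static void *model_nfnl_msg_put(uint8_t *buf, uint16_t type,
                                uint8_t family, uint8_t version, uint16_t res_id)
{
    struct model_nfgenmsg g = { family, version, res_id };
    void *p = model_nlmsg_put(buf, type, sizeof g);
    memcpy(p, &g, sizeof g);
    return p;
}

/* Builds the terminator in a pre-dirtied buffer and counts payload bytes
 * that still carry the stale pattern, i.e. bytes that would reach the reader. */
static int stale_payload_bytes(int fixed)
{
    uint8_t buf[32], *p;
    int n = 0;
    memset(buf, STALE, sizeof buf);
    p = fixed ? model_nfnl_msg_put(buf, MODEL_NLMSG_DONE, 0, 0, 0)
              : model_nlmsg_put(buf, MODEL_NLMSG_DONE, sizeof(struct model_nfgenmsg));
    for (size_t i = 0; i < sizeof(struct model_nfgenmsg); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    printf("unfixed: %d stale bytes, fixed: %d stale bytes\n",
           stale_payload_bytes(0), stale_payload_bytes(1));
    return 0;
}
```

Because the nfgenmsg payload is already 4-byte aligned, the padding memset covers zero bytes, which is why zeroing padding alone leaves the whole payload uninitialized.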
Affected Products
Linux