CVE-2026-43114

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the netfilter component, specifically within the nft set pipapo avx2 function. When AVX2 matching functions are used, the system may incorrectly return a non-matching entry upon expiry. This occurs because of an early return in the AVX2 match functions during the processing of the last field; the system fails to consume the entire input size, which can lead to incorrect masking. Consequently, the skip-step may identify a matching element based only on the first field, returning an entry even if the last field differs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.