PT-2026-37426 · Linux+1 · Linux Kernel+1

Published: 2026-05-06 · Updated: 2026-06-19 · CVE-2026-43116

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw in the netfilter ctnetlink component allows for unsafe access to the master conntrack object. Holding a reference to the expectation is insufficient because the master conntrack object can be removed, rendering exp->master invalid. This occurs during the delete expectation command, the get expectation command, and during the delivery of the IPEXP_NEW event, where the master conntrack event cache is accessed via exp->master.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Race Condition

Weakness Enumeration

Related Identifiers

ALSA-2026:21557
ALSA-2026:25217
CVE-2026-43116
ECHO-F074-174B-4938
OESA-2026-2674
RHSA-2026:21557
RHSA-2026:25217

Affected Products

Linux Kernel
Rocky Linux