CVE-2026-43451

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak exists in the netfilter nfnetlink queue component. The nfqnl recv verdict() function calls find dequeue entry() to remove a queue entry, taking ownership of it. For PF BRIDGE packets, it then calls nfqa parse bridge() to parse VLAN attributes. If nfqa parse bridge() returns an error, such as when NFQA VLAN is present but NFQA VLAN TCI is missing, the function returns immediately without freeing the dequeued entry or its associated sk buff. This results in the leak of the nf queue entry, the sk buff, and held references including net device and struct net refcounts. Repeatedly triggering this condition can exhaust kernel memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.