PT-2026-39112 · Linux · Linux Kernel

Published

2026-05-08

·

Updated

2026-05-15

·

CVE-2026-43451

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A memory leak exists in the netfilter nfnetlink queue component. The nfqnl recv verdict() function calls find dequeue entry() to remove a queue entry, taking ownership of it. For PF BRIDGE packets, it then calls nfqa parse bridge() to parse VLAN attributes. If nfqa parse bridge() returns an error, such as when NFQA VLAN is present but NFQA VLAN TCI is missing, the function returns immediately without freeing the dequeued entry or its associated sk buff. This results in a leak of the nf queue entry, the sk buff, and held references including net device and struct net refcounts. Repeatedly triggering this condition can exhaust kernel memory.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-43451

Affected Products

Linux Kernel