Linux Kernel Vulnerability Affecting Netfilter
CVE-2026-43025
What is CVE-2026-43025?
A vulnerability in the Linux kernel's netfilter component allows an attacker to exploit the existing master conntrack helper, potentially reading kernel memory beyond expected boundaries. The issue arose from the handling of expectations supplied from user space, where unsupported helpers were partially processed, which complicated validation. When the CTA_EXPECT_CLASS attribute was validated against an incorrect helper, it caused a slab-out-of-bounds error, putting the integrity and confidentiality of kernel memory at risk. The fix ensures that only the approved conntrack helpers are used.
Affected Version(s)
Linux bd0779370588386e4a67ba5d0b176cfded8e6a53
Linux bd0779370588386e4a67ba5d0b176cfded8e6a53 < 2ea0f35f235f70c133ad61fe05ba013753b978c6
Linux bd0779370588386e4a67ba5d0b176cfded8e6a53 < 0f6c33697ccfac6499d0b7a4dbdec5d3a3a566cd