Use-After-Free Vulnerability in Linux Kernel Netfilter Component
CVE-2026-43027

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 1 May 2026

What is CVE-2026-43027?

A use-after-free vulnerability has been identified in the netfilter component of the Linux kernel. The function nf_conntrack_helper_unregister passes NULL instead of the actual helper pointer, so the expectations tied to that helper are not cleaned up. When the corresponding helper object is then deleted, subsequent operations can dereference freed memory. This can make the system unstable and could potentially be exploited through access to the previously freed memory.
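
The cleanup flaw described above, reduced to a userspace C model (an added example, not kernel code and not the upstream patch). The types, the table and the names owned_by, iterate_destroy, unregister_flawed, unregister_fixed and stale_refs are hypothetical, and a released flag stands in for freeing the helper so that dangling references can be counted safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified userspace model; all names are hypothetical, not kernel code. */
struct helper { bool released; };            /* released stands in for "freed" */
struct expectation { struct helper *helper; bool live; };
typedef bool (*match_fn)(const struct expectation *, void *);

#define NEXP 3
static struct helper ftp, sip;               /* constructed sample helpers */
static struct expectation table[NEXP];

static void reset_table(void) {
    ftp.released = sip.released = false;
    table[0] = (struct expectation){ &ftp, true };
    table[1] = (struct expectation){ &sip, true };
    table[2] = (struct expectation){ &ftp, true };
}

/* Match callback: true for expectations owned by the helper passed in data. */
static bool owned_by(const struct expectation *e, void *data) { return e->helper == data; }

static void iterate_destroy(match_fn match, void *data) {
    for (size_t i = 0; i < NEXP; i++)
        if (table[i].live && match(&table[i], data))
            table[i].live = false;
}

/* Flawed: NULL never equals an owner, so no expectation is removed. */
static void unregister_flawed(struct helper *me) {
    iterate_destroy(owned_by, NULL);
    me->released = true;
}

/* Corrected: pass the helper that is being unregistered. */
static void unregister_fixed(struct helper *me) {
    iterate_destroy(owned_by, me);
    me->released = true;
}

/* Live expectations still pointing at a released helper (dangling references). */
static size_t stale_refs(void) {
    size_t n = 0;
    for (size_t i = 0; i < NEXP; i++)
        n += table[i].live && table[i].helper->released;
    return n;
}

int main(void) {
    reset_table(); unregister_flawed(&ftp); size_t bad = stale_refs();
    reset_table(); unregister_fixed(&ftp);
    return !(bad == 2 && stale_refs() == 0);
}
```

In the flawed path both expectations owned by the removed helper stay live and keep pointing at it; in the corrected path they are dropped and the other helper's expectation is left alone.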

Affected Version(s)

Linux ac7b848390036dadd4351899d2a23748075916bd < 5cf28d5c8dcbbe8af6d3b145babe491906d7bad1

Linux ac7b848390036dadd4351899d2a23748075916bd < 504ba4168466c91210c45acdc332479cfd5f2da6

Linux ac7b848390036dadd4351899d2a23748075916bd

Timeline

  • Vulnerability published

  • Vulnerability Reserved
