Memory Management Flaw in Linux Kernel's Netfilter Component by Linux Foundation
CVE-2026-43084

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43084?

A vulnerability in the Linux kernel's netfilter component has been disclosed, where the use of a global hash table for all queues can lead to memory corruption issues. Specifically, this issue arises when the nf_queue_entry structure is freed via kfree, but other CPU threads may still access the freed entry while iterating through the list. This flaw can lead to crashes and is linked to the nfqnl_recv_verdict function. An alternative method, using kfree_rcu, has been suggested, but it introduces additional memory pressure due to the need for per-socket buffer allocation and deallocation.

Affected Version(s)

Linux 371de2bef6582a3f58049b3d18e190924af9c9a0 < 22730cb96093b5be0609063bbb1923dbecd61252

Linux 870e3e63da8e88daffe9d692a025c711658018a8 < 41e3652a178cb0eecd48e0e6e27fbb73a004046a

Linux 70e2e3ce4f6841e12ec1c104fc76c0e707398ec4 < 9e5ebef91120d2764aefe557c3a484b6288f341f

References

https://git.kernel.org/stable/c/22730cb96093b5be0609063bb...

https://git.kernel.org/stable/c/41e3652a178cb0eecd48e0e6e...

https://git.kernel.org/stable/c/9e5ebef91120d2764aefe557c...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43084 Data

JSON