Linux Kernel Vulnerability in Netfilter by Vendor
CVE-2026-43085
What is CVE-2026-43085?
The Linux kernel has a vulnerability within the netfilter component, specifically related to the nfnetlink_log functionality. When processing multiple NFLOG messages, the __nfulnl_send() function fails to initialize the nfgenmsg payload in the NLMSG_DONE terminator. This oversight allows remnants of stale kernel heap data to be exposed to userspace, potentially resulting in data leakage. To mitigate this, the nfnl_msg_put() function should be employed to construct the NLMSG_DONE terminator correctly. This ensures proper initialization of the nfgenmsg payload, aligning with secure coding practices already established in other kernel messaging routines.
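The pattern described above, as an added userspace illustration (not kernel code and not taken from the advisory): a terminator message is built in a buffer pre-filled with a marker byte standing in for stale heap data, once with the payload left unwritten and once with every field set. The struct layouts, function names and marker value are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirrors of the netlink header and nfgenmsg layouts (assumed here). */
struct nl_hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
struct nfgen  { uint8_t family, version; uint16_t res_id; };
#define MSG_DONE 3    /* numeric value of NLMSG_DONE */
#define STALE    0xAA /* constructed marker standing in for old heap contents */

/* Reserve header + payload and fill in the header only. */
static void *put_hdr(uint8_t *buf, uint16_t type, size_t payload)
{
    struct nl_hdr h = { (uint32_t)(sizeof h + payload), type, 0, 0, 0 };
    memcpy(buf, &h, sizeof h);
    return buf + sizeof h;
}

/* Vulnerable pattern: terminator payload is reserved but never written. */
static void done_uninitialized(uint8_t *buf)
{
    (void)put_hdr(buf, MSG_DONE, sizeof(struct nfgen));
}

/* Hardened pattern: every payload field is set before the message is sent. */
static void done_initialized(uint8_t *buf, uint8_t family, uint16_t res_id)
{
    struct nfgen g = { family, 0, res_id };
    memcpy(put_hdr(buf, MSG_DONE, sizeof g), &g, sizeof g);
}

/* Build one terminator in a buffer pre-filled with STALE and count the
 * payload bytes that would reach the receiver still holding that marker. */
size_t leaked_bytes(int hardened)
{
    uint8_t buf[sizeof(struct nl_hdr) + sizeof(struct nfgen)];
    size_t n = 0;
    memset(buf, STALE, sizeof buf);
    if (hardened) done_initialized(buf, 0, 0); else done_uninitialized(buf);
    for (size_t i = sizeof(struct nl_hdr); i < sizeof buf; i++)
        n += (buf[i] == STALE);
    return n;
}

int main(void)
{
    printf("unfixed: %zu stale bytes, fixed: %zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```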
Affected Version(s)
Linux 29c5d4afba51c71cfeadd3f74f3c42e064483fb0 < 368c22aea490f6f50df831b4f9e3623787686c5b
Linux 29c5d4afba51c71cfeadd3f74f3c42e064483fb0