Linux Kernel Netfilter Vulnerability Impacting Conntrack Management
CVE-2026-43116

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
6 May 2026

What is CVE-2026-43116?

In the netfilter component of the Linux kernel, improper management of the master conntrack object can lead to invalid references. The master conntrack can go out of scope unexpectedly, which invalidates any ongoing operation that still relies on that reference. Correct use of nf_conntrack_expect_lock is crucial here, because failing to handle these references correctly may open avenues for exploitation. The fix extends the locking so that references are handled more robustly during conntrack management, which improves kernel stability and security and protects against unforeseen conntrack deletion.
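A user-space C model of the reference pattern described above, added here as an illustration and not taken from the kernel or its patch: struct and function names are hypothetical, and a pthread mutex stands in for nf_conntrack_expect_lock. A reader pins the master while holding the lock, so a later deletion cannot free the object while it is still in use.

```c
#include <pthread.h>
#include <stdlib.h>

/* User-space model, not kernel code; struct and function names are hypothetical. */
static pthread_mutex_t expect_lock = PTHREAD_MUTEX_INITIALIZER; /* models nf_conntrack_expect_lock */
static int live_masters;                  /* masters not yet freed */
struct master { int refcnt; int mark; };
struct expect { struct master *master; }; /* NULL once the master is deleted */

static struct master *master_new(int mark)
{
    struct master *m = malloc(sizeof(*m));
    if (!m) return NULL;
    m->refcnt = 1;                        /* reference owned by the table */
    m->mark = mark;
    live_masters++;
    return m;
}
/* Drop one reference; the last put frees the object. */
static void master_put(struct master *m)
{
    pthread_mutex_lock(&expect_lock);
    int last = (--m->refcnt == 0);
    if (last) live_masters--;
    pthread_mutex_unlock(&expect_lock);
    if (last) free(m);
}
/* Deletion path: unlink under the lock, then drop the table's reference. */
static void master_delete(struct expect *e)
{
    pthread_mutex_lock(&expect_lock);
    struct master *m = e->master;
    e->master = NULL;
    pthread_mutex_unlock(&expect_lock);
    if (m) master_put(m);
}
/* Safe access: pin the master while holding the lock. Dereferencing e->master
   with no lock and no pin would race with master_delete(). */
static struct master *expect_get_master(struct expect *e)
{
    pthread_mutex_lock(&expect_lock);
    struct master *m = e->master;
    if (m) m->refcnt++;
    pthread_mutex_unlock(&expect_lock);
    return m;
}
int main(void)
{
    struct expect e = { master_new(7) };
    struct master *p = expect_get_master(&e); /* pinned before deletion */
    master_delete(&e);                        /* table reference dropped */
    if (p) master_put(p);                     /* p stayed valid until this put */
    return live_masters;                      /* 0: nothing leaked */
}
```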

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 497f99b26fffdc5635706d1b4811f1ed8ee21a5b


Timeline

  • Vulnerability published

  • Vulnerability Reserved
