Out-of-Bounds Stack Read in Linux Kernel Affecting Netfilter
CVE-2026-43453

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 8 May 2026

What is CVE-2026-43453?

A vulnerability has been identified in the Linux kernel's netfilter component, in the pipapo_drop() function. The flaw is in how the function handles the rulemap array and can lead to an out-of-bounds stack read. While iterating over the rulemap, the function accesses an element beyond the end of the stack-allocated array. A safeguard prevents further processing when the last item is reached, but the argument passed to pipapo_unmap() is still evaluated, so the out-of-bounds read occurs regardless. The mitigation is to ensure that the last iteration skips this read.
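
A simplified user-space model of the pattern described above, added here as an illustration; it is not the kernel's code. The names read_n, unmap_model, drop_before, drop_after and oob_in and the sample data are hypothetical, and out-of-range reads are counted rather than performed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct bucket { int to, n; };      /* simplified stand-in for one rulemap entry */
static int oob_reads;              /* reads attempted past the end of the array */
/* Constructed sample data: a four-entry, fixed-size array. */
static const struct bucket sample[4] = { {0, 1}, {0, 2}, {0, 3}, {0, 4} };

/* Checked read of rulemap[i].n: an out-of-range index is counted, not performed. */
static int read_n(const struct bucket *rulemap, size_t len, size_t i)
{
    if (i >= len) { oob_reads++; return 0; }
    return rulemap[i].n;
}

/* Hypothetical callee: it ignores next_n when is_last is set (the safeguard). */
static int unmap_model(int n, int next_n, bool is_last) { return is_last ? n : n + next_n; }

/* Before: the i + 1 entry is read while building the arguments, even on the last pass. */
int drop_before(const struct bucket *rulemap, size_t len)
{
    int sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += unmap_model(read_n(rulemap, len, i),
                           read_n(rulemap, len, i + 1), i == len - 1);
    return sum;
}

/* After: the last iteration never forms the i + 1 read. */
int drop_after(const struct bucket *rulemap, size_t len)
{
    int sum = 0;
    for (size_t i = 0; i < len; i++) {
        bool last = (i == len - 1);
        int next_n = last ? 0 : read_n(rulemap, len, i + 1);
        sum += unmap_model(read_n(rulemap, len, i), next_n, last);
    }
    return sum;
}

/* Runs one variant over the sample; returns how many out-of-bounds reads it tried. */
int oob_in(int (*fn)(const struct bucket *, size_t))
{ oob_reads = 0; fn(sample, 4); return oob_reads; }

int main(void)
{
    printf("before: %d OOB read(s), after: %d\n", oob_in(drop_before), oob_in(drop_after));
}
```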

Affected Version(s)

Linux 3c4287f62044a90e73a561aa05fc46e62da173da < 1957e793196e7f8557374fd4eda53abcbb42e1c0

Linux 3c4287f62044a90e73a561aa05fc46e62da173da < 57fb87ca095d5127cd7a27583b8ec43dcf7c9e9e

Linux 3c4287f62044a90e73a561aa05fc46e62da173da < 60c1d18781e37bfb96290b86510eb01c5fa24d75
