Linux Kernel Vulnerability Affecting Netfilter Functionality
CVE-2026-43454

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-43454?

A vulnerability in the Linux kernel affects the netfilter subsystem, where duplicate device registrations during NETDEV_REGISTER notifications can lead to unforeseen issues. The vulnerability arises when a device that has already been registered by nft_netdev_hook_alloc() is inadvertently registered again, potentially compromising the integrity of network operations. A fix has been implemented to ensure that duplicate device handling is properly managed, thus reinforcing the security and stability of the kernel's networking capabilities.

Affected Version(s)

Linux a331b78a552551d0e404e58e6390b1c828d6af8f < 6d2a95c6890577cc3eab2b20018e16850d7fb094

Linux a331b78a552551d0e404e58e6390b1c828d6af8f < 2041cdb078041611510fc189410bc70b29f688fb

Linux a331b78a552551d0e404e58e6390b1c828d6af8f

References

https://git.kernel.org/stable/c/6d2a95c6890577cc3eab2b200...

https://git.kernel.org/stable/c/2041cdb078041611510fc1894...

https://git.kernel.org/stable/c/b7cdc5a97d02c943f4bdde4d5...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43454 Data

JSON