CVE-2026-43451
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path nfqnl_recv_verdict() calls find_dequeue_entry() to remove the queue entry from the queue data structures, taking ownership of the entry. For PF_BRIDGE packets, it then calls nfqa_parse_bridge() to parse VLAN attributes. If nfqa_parse_bridge() returns an error (e.g. NFQA_VLAN present but NFQA_VLAN_TCI missing), the function returns immediately without freeing the dequeued entry or its sk_buff. This leaks the nf_queue_entry, its associated sk_buff, and all held references (net_device refcounts, struct net refcount). Repeated triggering exhausts kernel memory. Fix this by dropping the entry via nfqnl_reinject() with NF_DROP verdict on the error path, consistent with other error handling in this file.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 6.1.170-1 |
| debian | bullseye | fixed | 5.10.257-1 |
| debian | forky | fixed | 6.19.10-1 |
| debian | sid | fixed | 6.19.10-1 |
| debian | trixie | fixed | 6.12.85-1 |
| linux-kernel | affected | 5.10.253 | |
| linux-kernel | 7.0 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| gcp | | |
References
- https://git.kernel.org/stable/c/0b18d1b834ab5a5009be70b530f978d7989e445b
- https://git.kernel.org/stable/c/208669df703a25a601f45822b10c413f258bf275
- https://git.kernel.org/stable/c/47b1c5d1b0944aa88299f55a846fabaefc756982
- https://git.kernel.org/stable/c/9853d94b82d303fc4ac37d592a23a154096ecd41
- https://git.kernel.org/stable/c/a907bea273b60d3e604ec4e8e1f6c49954805794
- https://git.kernel.org/stable/c/b38d2b4603fd3dda24eb8b3dd81c18a0930be97b
- https://git.kernel.org/stable/c/cf4a4df38d1747e06fc54f9879bd7a6f4178032f
- https://git.kernel.org/stable/c/f1ba83755d81c6fc66ac7acd723d238f974091e9
- https://www.suse.com/security/cve/CVE-2026-43451.html
- https://security-tracker.debian.org/tracker/CVE-2026-43451
CWEs
CWE-401
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.