CVE-2026-43060
Published: May 5, 2026
Modified: May 11, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a reference to: - templates that specify the conntrack zone, because a percpu area is used and module removal is possible. - conntrack timeout policies and helper, where object removal leave a stale reference. Since these objects can just go away, drop enqueued packets to avoid stale reference to them. If there is a need for finer grain removal, this logic can be revisited to make selective packet drop upon dependencies.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 7e0b2b57f01d183e1c84114f1f2287737358d748 - < 8a64e76933672b08bd85b63086f33432070fd729affected 7e0b2b57f01d183e1c84114f1f2287737358d748 - < 3da0b946835f33bf36b459ead764c61a761e689baffected 7e0b2b57f01d183e1c84114f1f2287737358d748 - < ab50302190b303f847c4eba0e31a01a56dec596eaffected 7e0b2b57f01d183e1c84114f1f2287737358d748 - < e68a8db3a0546482b34e9ca5ca886bcf73eb37bbaffected 7e0b2b57f01d183e1c84114f1f2287737358d748 - < 6802ff8beceb9c4254318e81c1395720438f2cc2+3 more versions |
Linux | Linux | affected 4.19unaffected 0 - < 4.19unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.167 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now