PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43084 Linux CVE debrief

CVE-2026-43084 is a Linux kernel netfilter issue in nfnetlink_queue that can trigger a slab-use-after-free while nfqnl_recv_verdict walks queue entries. The source description says the crash is caused by sharing a global hash table across queues, allowing a freed nf_queue_entry to be encountered by a parallel CPU. NVD rates it HIGH with a local attack vector and lists multiple affected kernel version ranges. The issue was published on 2026-05-06 and later modified on 2026-05-20.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-06
Original CVE updated
2026-05-20
Advisory published
2026-05-06
Advisory updated
2026-05-20

Who should care

Linux kernel maintainers, distro security teams, and administrators running affected kernel builds—especially systems using nfnetlink_queue/netfilter features. Because the CVSS vector is local and requires low privileges, the main concern is authenticated local impact on kernel integrity and availability.

Technical summary

The vulnerability is a race in nfnetlink_queue’s handling of nf_queue_entry objects. According to the CVE description, a global hash table shared by all queues can let one CPU free an entry with kfree while another CPU still traverses the list, producing a KASAN-reported slab-use-after-free in nfqnl_recv_verdict. The described fix is to make the hash table per-queue; the record also notes kfree_rcu() as an alternative that was avoided due to memory pressure.

Defensive priority

High. This is a kernel memory-safety bug with high CVSS severity, local attack requirements, and potential full impact on confidentiality, integrity, and availability in affected environments. Prioritize patching affected kernels and validating exposure where netfilter queue functionality is used.

Recommended defensive actions

  • Upgrade Linux kernels to versions that include the vendor fix referenced by the NVD patch links.
  • Check fleet exposure against the NVD affected ranges: 6.12.75 through 6.12.82, 6.18.14 through 6.18.23, and 6.19.4 through 6.19.13.
  • Treat hosts that use nfnetlink_queue/netfilter queueing as higher priority for remediation and testing.
  • If immediate upgrade is not possible, reduce local user access on impacted systems and monitor for kernel crash or KASAN evidence during validation.
  • Track downstream distro advisories for backported fixes before relying on version numbers alone.

Evidence notes

This debrief is based only on the supplied CVE record and NVD metadata. PublishedAt is 2026-05-06T10:16:21.610Z and ModifiedAt is 2026-05-20T23:06:46.363Z. NVD lists the vulnerability as undergoing analysis and assigns CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with CWE-416. The supplied description states the bug is a slab-use-after-free in nfqnl_recv_verdict caused by a shared global hash table; it also mentions per-queue hashing as the chosen fix and kfree_rcu() as an alternative. NVD vulnerable version criteria indicate the affected Linux kernel ranges as 6.12.75-<6.12.83, 6.18.14-<6.18.24, and 6.19.4-<6.19.14.

Official resources

CVE published 2026-05-06T10:16:21.610Z and last modified 2026-05-20T23:06:46.363Z. The supplied NVD snapshot shows the record as undergoing analysis at the time of capture.