PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43454 Linux CVE debrief

CVE-2026-43454 is a high-severity Linux kernel issue in netfilter's nf_tables netdev hook handling. According to the published record, duplicate device registration must be avoided when processing NETDEV_REGISTER notifications because the device may already have been added during hook allocation. The CVE was published on 2026-05-08 and later modified on 2026-05-20. NVD rates it as local, low-privilege, no-user-interaction exposure with high confidentiality, integrity, and availability impact.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-20
Advisory published: 2026-05-08
Advisory updated: 2026-05-20

Who should care

Linux kernel maintainers, distro security teams, and administrators of systems running affected kernel versions should care most. Systems with local users, container workloads, or other paths that expose untrusted local code execution should prioritize review and patching.

Technical summary

NVD lists the vulnerability as affecting Linux kernel versions 6.16 through 6.18.19, 6.19 through 6.19.9, and early 7.0 release candidates (rc1, rc2, rc3). The source description says the fix is in netfilter nf_tables netdev hook handling: when a NETDEV_REGISTER notification arrives, the code must not register the same device twice because nft_netdev_hook_alloc() may already have added it while the hook was being created. The NVD CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Defensive priority

High. This is a kernel-level issue with local low-privilege exposure and high CIA impact, so affected systems should be patched as soon as vendor updates are available.

Recommended defensive actions

  • Apply vendor updates or the Linux kernel stable patches linked from the CVE record.
  • Verify whether your deployed kernels fall within the affected ranges: 6.16-6.18.19, 6.19-6.19.9, or early 7.0 release candidates.
  • Prioritize patching hosts that allow untrusted local users, container tenants, or other local code execution paths.
  • Track downstream distro advisories for backported fixes if you do not use upstream stable kernels.
  • After patching, confirm the running kernel includes the fix before returning affected systems to normal service.
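
For the range check in the list above, the following is an added example, not code from the CVE record or the kernel project. The function name `classify` and the sample release strings are constructed for illustration, and the range endpoints are treated as inclusive, as this page words them.

```python
import platform
import re

# Affected upstream ranges as worded on this page; endpoints treated as
# inclusive (assumption). Tuples are (major, minor, patch).
AFFECTED_RANGES = [((6, 16, 0), (6, 18, 19)), ((6, 19, 0), (6, 19, 9))]
AFFECTED_RC = {(7, 0): {1, 2, 3}}  # release candidates the page names

# Leading "X.Y[.Z][-rcN]" of a release string; distro suffixes are ignored.
_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def classify(release: str) -> str:
    """Classify a `uname -r` style string against the page's ranges.

    Returns "in-range", "not-listed", or "unknown" (unparseable, or an -rc
    build of a series for which the page lists no release candidates).
    """
    m = _RELEASE.match(release.strip())
    if not m:
        return "unknown"
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if m[4] is not None:
        listed = AFFECTED_RC.get((major, minor))
        if listed is None:
            return "unknown"
        return "in-range" if int(m[4]) in listed else "not-listed"
    version = (major, minor, patch)
    if any(lo <= version <= hi for lo, hi in AFFECTED_RANGES):
        return "in-range"
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample strings, followed by the running kernel.
    samples = ["6.18.12-200.fc42.x86_64", "6.18.20", "6.19.9", "7.0.0-rc2",
               "7.0.0", "6.17.0-rc1", "6.8.0-45-generic"]
    for rel in samples + [platform.release()]:
        # "in-range" on a distro kernel still needs the distro advisory:
        # a backported fix does not change the upstream version number.
        print(f"{rel:32} {classify(rel)}")
```

The result reflects only the upstream version number in the release string, so a distro kernel reported as "in-range" may already carry a backported fix, and one reported as "not-listed" should still be checked against the distro advisory.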

Evidence notes

All statements are based on the supplied CVE record and NVD metadata. The record identifies the Linux kernel as affected, describes the duplicate-device issue in nf_tables netdev hooks during NETDEV_REGISTER handling, provides affected version ranges, and links three official Linux kernel stable patch references. No exploit details or unsupported root-cause claims are included.

Official resources

Publicly disclosed in the CVE/NVD record on 2026-05-08; NVD metadata was last modified on 2026-05-20.