CVE-2026-43024

Published: May 1, 2026Modified: May 8, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject immediate NF_QUEUE verdict nft_queue is always used from userspace nftables to deliver the NF_QUEUE verdict. Immediately emitting an NF_QUEUE verdict is never used by the userspace nft tools, so reject immediate NF_QUEUE verdicts. The arp family does not provide queue support, but such an immediate verdict is still reachable. Globally reject NF_QUEUE immediate verdicts to address this issue.

Affected (23)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.19.307 to 4.20
Linux Linux Kernel	From 5.10.210 to 5.10.253
Linux Linux Kernel	From 5.15.149 to 5.15.203
Linux Linux Kernel	From 5.4.269 to 5.5
Linux Linux Kernel	From 6.1.76 to 6.1.168
Linux Linux Kernel	From 6.13 to 6.18.22
Linux Linux Kernel	From 6.19 to 6.19.12
Linux Linux Kernel	From 6.6.15 to 6.6.134
Linux Linux Kernel	From 6.7.3 to 6.8
Linux Linux Kernel	From 6.8.1 to 6.12.81
Linux Linux Kernel	Version 6.8
Linux Linux Kernel	Version 6.8 rc2
Linux Linux Kernel	Version 6.8 rc3
Linux Linux Kernel	Version 6.8 rc4
Linux Linux Kernel	Version 6.8 rc5
Linux Linux Kernel	Version 6.8 rc6
Linux Linux Kernel	Version 6.8 rc7
Linux Linux Kernel	Version 7.0 rc1
Linux Linux Kernel	Version 7.0 rc2
Linux Linux Kernel	Version 7.0 rc3
Linux Linux Kernel	Version 7.0 rc4
Linux Linux Kernel	Version 7.0 rc5
Linux Linux Kernel	Version 7.0 rc6