-

CVE-2026-43085

EPSS 0.02%
Veröffentlicht 06.05.2026 07:40:19
Zuletzt bearbeitet 06.05.2026 13:08:07
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator

When batching multiple NFLOG messages (inst->qlen > 1), __nfulnl_send()
appends an NLMSG_DONE terminator with sizeof(struct nfgenmsg) payload via
nlmsg_put(), but never initializes the nfgenmsg bytes. The nlmsg_put()
helper only zeroes alignment padding after the payload, not the payload
itself, so four bytes of stale kernel heap data are leaked to userspace
in the NLMSG_DONE message body.

Use nfnl_msg_put() to build the NLMSG_DONE terminator, which initializes
the nfgenmsg payload via nfnl_fill_hdr(), consistent with how
__build_packet_message() already constructs NFULNL_MSG_PACKET headers.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

CNA 2 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 29c5d4afba51c71cfeadd3f74f3c42e064483fb0

Version < 368c22aea490f6f50df831b4f9e3623787686c5b

Status affected

Version 29c5d4afba51c71cfeadd3f74f3c42e064483fb0

Version < d1399632ba255d2e02c757af5d9f5d9279ce168c

Status affected

Version 29c5d4afba51c71cfeadd3f74f3c42e064483fb0

Version < d552bcfca323d175664d7444989b04f55666978a

Status affected

Version 29c5d4afba51c71cfeadd3f74f3c42e064483fb0

Version < 15d209bccf9273b4a8b4e579ba0e92d065b6ec8c

Status affected

Version 29c5d4afba51c71cfeadd3f74f3c42e064483fb0

Version < 1f3083aec8836213da441270cdb1ab612dd82cf4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.23

Status affected

Version 0

Version < 2.6.23

Status unaffected

Version <= 6.6.*

Version 6.6.136

Status unaffected

Version <= 6.12.*

Version 6.12.83

Status unaffected

Version <= 6.18.*

Version 6.18.24

Status unaffected

Version <= 6.19.*

Version 6.19.14

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.068

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/368c22aea490f6f50df831b4f9e3623787686c5b

https://git.kernel.org/stable/c/d1399632ba255d2e02c757af5d9f5d9279ce168c

https://git.kernel.org/stable/c/d552bcfca323d175664d7444989b04f55666978a

https://git.kernel.org/stable/c/15d209bccf9273b4a8b4e579ba0e92d065b6ec8c

https://git.kernel.org/stable/c/1f3083aec8836213da441270cdb1ab612dd82cf4

https://nvd.nist.gov/vuln/detail/CVE-2026-43085

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43085

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43085

EUVD