CVE-2026-43329 · threatengine.sh

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum nu

CVE

CVE-2026-43329

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum nu

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling (4 payload actions, 2 for each ethernet address) SNAT (4 payload actions) DNAT (4 payload actions) Double VLAN (4 vlan actions, 2 for popping vlan, and 2 for pushing) for QinQ. * Redirect (1 action) Which makes 17, while the maximum is 16. But act_ct supports for tunnels actions too. Note that payload action operates at 32-bit word level, so mangling an IPv6 address takes 4 payload actions.

Update flow_action_entry_next() calls to check for the maximum number of supported actions. While at it, rise the maximum number of actions per flow from 16 to 24 so this works fine with IPv6 setups.

HIGH · CVSS 7.8 EPSS 0.00013

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

▤

Affected Products & Versions

7

linux kernel>= 5.5 and < 5.15.203
linux kernel>= 5.16 and < 6.1.168
linux kernel>= 6.2 and < 6.6.134
linux kernel>= 6.7 and < 6.12.81
linux kernel>= 6.13 and < 6.18.22
linux kernel>= 6.19 and < 6.19.12
linux kernelall versions

▣

Scoring & Timeline

7.8

HIGH · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD08 May 2026 · 02:16 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

7

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/504c9456699dcf4d15195ef34a0fa94a80bfc877Patch

https://git.kernel.org/stable/c/5382bb03e9c33b089d60788478b922a2dca284ccPatch

https://git.kernel.org/stable/c/57c78bd2e2dd08897acd35b2bf8bcef322e36f5ePatch

https://git.kernel.org/stable/c/76522fcdbc3a02b568f5d957f7e66fc194abb893Patch

https://git.kernel.org/stable/c/879959a7a2be814dd57568655eafa3d8f4d0309ePatch

https://git.kernel.org/stable/c/ead66c77303f760f6c30be96e2e20d5a77cef614Patch

Show all 7 references

https://git.kernel.org/stable/c/fe9018d3e94329f1951b00805a8640bc06f56eadPatch

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin