In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path
nfqnlrecvverdict() calls finddequeueentry() to remove the queue entry from the queue data structures, taking ownership of the entry. For PFBRIDGE packets, it then calls nfqaparsebridge() to parse VLAN attributes. If nfqaparsebridge() returns an error (e.g. NFQAVLAN present but NFQAVLANTCI missing), the function returns immediately without freeing the dequeued entry or its sk_buff.
This leaks the nfqueueentry, its associated skbuff, and all held references (netdevice refcounts, struct net refcount). Repeated triggering exhausts kernel memory.
Fix this by dropping the entry via nfqnlreinject() with NFDROP verdict on the error path, consistent with other error handling in this file.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43451.json",
"cna_assigner": "Linux"
}