In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftmetabridge: fix stale stack leak via IIFHWADDR register
NFTMETABRIIIFHWADDR declares its destination register with len = ETHALEN (6 bytes), which the register-init tracking rounds up to two 32-bit registers (8 bytes). nftmetabridgegeteval() then does memcpy(dest, brdev->devaddr, ETHALEN), writing only 6 bytes and leaving the upper 2 bytes of the second register as uninitialised nftdo_chain() stack. A downstream load of that register span leaks those stale bytes to userspace.
Zero the second register before the memcpy so the full declared span is written.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53211.json",
"cna_assigner": "Linux"
}