CVE-2026-43024 - Vulnerability Details

- netfilter: nf_tables: reject immediate NF_QUEUE verdict

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: reject immediate NF_QUEUE verdict

nft_queue is always used from userspace nftables to deliver the NF_QUEUE
verdict. Immediately emitting an NF_QUEUE verdict is never used by the
userspace nft tools, so reject immediate NF_QUEUE verdicts.

The arp family does not provide queue support, but such an immediate
verdict is still reachable. Globally reject NF_QUEUE immediate verdicts
to address this issue.

Published: 2026-05-01

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s netfilter nf_tables module previously permitted an immediate NF_QUEUE verdict, a condition that is never used by user‑space nftables tools. The vulnerability arises because such a verdict could be manually constructed or triggered, leading to packets being handled out of the intended queueing workflow, which could in turn cause unexpected packet filtering or loss. The patch explicitly rejects all immediate NF_QUEUE verdicts, restoring the correct queuing logic and preventing any premature packet delivery.

Affected Systems

All Linux kernel builds that predate the commit introducing the rejection logic are potentially affected. The CNA vendors list only "Linux:Linux" and no explicit version range is provided, so any kernel not yet updated to include the nf_tables immediate NF_QUEUE verdict fix remains vulnerable.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating that no public exploitation data is current. The CVSS score is 5.5, indicating medium severity. Based on the description, it is inferred that a local or elevated process capable of manipulating nftables rules could trigger the flaw. Given the lack of exploitation references and the absence of a high EPSS score, the overall risk appears low to moderate, but it remains prudent to address it promptly.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`55a60251fa50d4e68175e36666b536a602ce4f6c`	affected	< 2f7f825a548be55420f0f5f716f6c27b9d312d3f
`960cf4f812530f01f6acc6878ceaa5404c06af7b`	affected	< f140593901724cfbd16597c3a4fcb24a58ae44b0
`8e34430e33b8a80bc014f3efe29cac76bc30a4b4`	affected	< 68390437a998c3f2c57212b413abef5e6d657d88
`6653118b176a00915125521c6572ae8e507621db`	affected	< 4b12a3cc3f075e750cc3c5e693fd25fb400af4a2
`f342de4e2f33e0e39165d8639387aa6c19dff660`	affected	< f710691be163ae6b39e4bcab9e5be32d329f035b
`f342de4e2f33e0e39165d8639387aa6c19dff660`	affected	< 42a47f4b1b7695026ab9bc1bb35d4622b0835c95
`f342de4e2f33e0e39165d8639387aa6c19dff660`	affected	< 17dc5d5a935c771338430cbc156a16a51cfd31e8
`f342de4e2f33e0e39165d8639387aa6c19dff660`	affected	< da107398cbd4bbdb6bffecb2ce86d5c9384f4cec
`8365e9d92b85fda975a5ece7a3a139cb964018c8`	affected	—
`4e66422f1b56149761dc76030e6345d1cca6f869`	affected	—
`f05a497e7bc8851eeeb3a58da180ba469efebb05`	affected	—

Linux

affected

Version	Status	Constraints
`6.8`	affected	—
`0`	unaffected	< 6.8
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.134`	unaffected	≤ 6.6.*
`6.12.81`	unaffected	≤ 6.12.*
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[55a60251fa50d4e68175e36666b536a602ce4f6c,2f7f825a548be55420f0f5f716f6c27b9d312d3f)`	affected	code_commit	—
`[960cf4f812530f01f6acc6878ceaa5404c06af7b,f140593901724cfbd16597c3a4fcb24a58ae44b0)`	affected	code_commit	—
`[8e34430e33b8a80bc014f3efe29cac76bc30a4b4,68390437a998c3f2c57212b413abef5e6d657d88)`	affected	code_commit	—
`[6653118b176a00915125521c6572ae8e507621db,4b12a3cc3f075e750cc3c5e693fd25fb400af4a2)`	affected	code_commit	—
`[f342de4e2f33e0e39165d8639387aa6c19dff660,f710691be163ae6b39e4bcab9e5be32d329f035b)`	affected	code_commit	—
`[f342de4e2f33e0e39165d8639387aa6c19dff660,42a47f4b1b7695026ab9bc1bb35d4622b0835c95)`	affected	code_commit	—
`[f342de4e2f33e0e39165d8639387aa6c19dff660,17dc5d5a935c771338430cbc156a16a51cfd31e8)`	affected	code_commit	—
`[f342de4e2f33e0e39165d8639387aa6c19dff660,da107398cbd4bbdb6bffecb2ce86d5c9384f4cec)`	affected	code_commit	—
`[8365e9d92b85fda975a5ece7a3a139cb964018c8,*]`	affected	code_commit	—
`[4e66422f1b56149761dc76030e6345d1cca6f869,*]`	affected	code_commit	—
`[f05a497e7bc8851eeeb3a58da180ba469efebb05,*]`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.8,*]`	affected	semver	—
`[0,6.8)`	unaffected	semver	—
`[5.10.253,5.10.*]`	unaffected	generic	—
`[5.15.203,5.15.*]`	unaffected	generic	—
`[6.1.168,6.1.*]`	unaffected	generic	—
`[6.6.134,6.6.*]`	unaffected	generic	—
`[6.12.81,6.12.*]`	unaffected	generic	—
`[6.18.22,6.18.*]`	unaffected	generic	—
`[6.19.12,6.19.*]`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a release that contains the nf_tables immediate NF_QUEUE verdict fix.
Audit current nftables configurations and remove any rules that invoke an immediate NF_QUEUE verdict.
Restrict nftables rule modification privileges to trusted administrators and enforce a least‑privilege model for rule changes.

Generated by OpenCVE AI on May 2, 2026 at 07:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4561-1	linux-6.1 security update
Debian DSA	DSA-6243-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/17dc5d5a935c771338430cbc156a16a51cfd31e8
https://git.kernel.org/stable/c/2f7f825a548be55420f0f5f716f6c27b9d312d3f
https://git.kernel.org/stable/c/42a47f4b1b7695026ab9bc1bb35d4622b0835c95
https://git.kernel.org/stable/c/4b12a3cc3f075e750cc3c5e693fd25fb400af4a2
https://git.kernel.org/stable/c/68390437a998c3f2c57212b413abef5e6d657d88
https://git.kernel.org/stable/c/da107398cbd4bbdb6bffecb2ce86d5c9384f4cec
https://git.kernel.org/stable/c/f140593901724cfbd16597c3a4fcb24a58ae44b0
https://git.kernel.org/stable/c/f710691be163ae6b39e4bcab9e5be32d329f035b
https://lore.kernel.org/linux-cve-announce/2026050159-CVE-2026-43024-9383@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43024
https://www.cve.org/CVERecord?id=CVE-2026-43024

History

Sat, 02 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-115
References		https://lore.kernel.org/linux-cve-announce/2026050159-CVE-2026-43024-9383@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43024 https://www.cve.org/CVERecord?id=CVE-2026-43024
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 01 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject immediate NF_QUEUE verdict nft_queue is always used from userspace nftables to deliver the NF_QUEUE verdict. Immediately emitting an NF_QUEUE verdict is never used by the userspace nft tools, so reject immediate NF_QUEUE verdicts. The arp family does not provide queue support, but such an immediate verdict is still reachable. Globally reject NF_QUEUE immediate verdicts to address this issue.
Title		netfilter: nf_tables: reject immediate NF_QUEUE verdict
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/17dc5d5a935c771338430cbc156a16a51cfd31e8 https://git.kernel.org/stable/c/2f7f825a548be55420f0f5f716f6c27b9d312d3f https://git.kernel.org/stable/c/42a47f4b1b7695026ab9bc1bb35d4622b0835c95 https://git.kernel.org/stable/c/4b12a3cc3f075e750cc3c5e693fd25fb400af4a2 https://git.kernel.org/stable/c/68390437a998c3f2c57212b413abef5e6d657d88 https://git.kernel.org/stable/c/da107398cbd4bbdb6bffecb2ce86d5c9384f4cec https://git.kernel.org/stable/c/f140593901724cfbd16597c3a4fcb24a58ae44b0 https://git.kernel.org/stable/c/f710691be163ae6b39e4bcab9e5be32d329f035b

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T14:15:26.424Z

Updated: 2026-05-01T14:15:26.424Z

Reserved: 2026-05-01T14:12:55.975Z

Link: CVE-2026-43024

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:46.760

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-43024

Redhat

Severity : Moderate

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43024 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T07:15:16Z

Weaknesses

CWE-115

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object