netfilter: nf_tables: reject immediate NF_QUEUE verdict

Summary

CVE	CVE-2026-43024
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-01 15:16:46 UTC
Updated	2026-05-01 15:24:14 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject immediate NF_QUEUE verdict nft_queue is always used from userspace nftables to deliver the NF_QUEUE verdict. Immediately emitting an NF_QUEUE verdict is never used by the userspace nft tools, so reject immediate NF_QUEUE verdicts. The arp family does not provide queue support, but such an immediate verdict is still reachable. Globally reject NF_QUEUE immediate verdicts to address this issue.

Risk And Classification

EPSS: 0.000240000 probability, percentile 0.068220000 (date 2026-05-02)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 55a60251fa50d4e68175e36666b536a602ce4f6c 2f7f825a548be55420f0f5f716f6c27b9d312d3f git	Not specified
CNA	Linux	Linux	affected 960cf4f812530f01f6acc6878ceaa5404c06af7b f140593901724cfbd16597c3a4fcb24a58ae44b0 git	Not specified
CNA	Linux	Linux	affected 8e34430e33b8a80bc014f3efe29cac76bc30a4b4 68390437a998c3f2c57212b413abef5e6d657d88 git	Not specified
CNA	Linux	Linux	affected 6653118b176a00915125521c6572ae8e507621db 4b12a3cc3f075e750cc3c5e693fd25fb400af4a2 git	Not specified
CNA	Linux	Linux	affected f342de4e2f33e0e39165d8639387aa6c19dff660 f710691be163ae6b39e4bcab9e5be32d329f035b git	Not specified
CNA	Linux	Linux	affected f342de4e2f33e0e39165d8639387aa6c19dff660 42a47f4b1b7695026ab9bc1bb35d4622b0835c95 git	Not specified
CNA	Linux	Linux	affected f342de4e2f33e0e39165d8639387aa6c19dff660 17dc5d5a935c771338430cbc156a16a51cfd31e8 git	Not specified
CNA	Linux	Linux	affected f342de4e2f33e0e39165d8639387aa6c19dff660 da107398cbd4bbdb6bffecb2ce86d5c9384f4cec git	Not specified
CNA	Linux	Linux	affected 8365e9d92b85fda975a5ece7a3a139cb964018c8 git	Not specified
CNA	Linux	Linux	affected 4e66422f1b56149761dc76030e6345d1cca6f869 git	Not specified
CNA	Linux	Linux	affected f05a497e7bc8851eeeb3a58da180ba469efebb05 git	Not specified
CNA	Linux	Linux	affected 6.8	Not specified
CNA	Linux	Linux	unaffected 6.8 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.253 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.203 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.168 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.134 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.81 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.22 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.12 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/17dc5d5a935c771338430cbc156a16a51cfd31e8	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/da107398cbd4bbdb6bffecb2ce86d5c9384f4cec	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/42a47f4b1b7695026ab9bc1bb35d4622b0835c95	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/68390437a998c3f2c57212b413abef5e6d657d88	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/f710691be163ae6b39e4bcab9e5be32d329f035b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/4b12a3cc3f075e750cc3c5e693fd25fb400af4a2	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/f140593901724cfbd16597c3a4fcb24a58ae44b0	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/2f7f825a548be55420f0f5f716f6c27b9d312d3f	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.