netfilter: nft_ct: drop pending enqueued packets on removal

Summary

CVE	CVE-2026-43060
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-05 16:16:15 UTC
Updated	2026-05-06 13:08:07 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a reference to: - templates that specify the conntrack zone, because a percpu area is used and module removal is possible. - conntrack timeout policies and helper, where object removal leave a stale reference. Since these objects can just go away, drop enqueued packets to avoid stale reference to them. If there is a need for finer grain removal, this logic can be revisited to make selective packet drop upon dependencies.

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 7e0b2b57f01d183e1c84114f1f2287737358d748 8a64e76933672b08bd85b63086f33432070fd729 git	Not specified
CNA	Linux	Linux	affected 7e0b2b57f01d183e1c84114f1f2287737358d748 3da0b946835f33bf36b459ead764c61a761e689b git	Not specified
CNA	Linux	Linux	affected 7e0b2b57f01d183e1c84114f1f2287737358d748 ab50302190b303f847c4eba0e31a01a56dec596e git	Not specified
CNA	Linux	Linux	affected 7e0b2b57f01d183e1c84114f1f2287737358d748 e68a8db3a0546482b34e9ca5ca886bcf73eb37bb git	Not specified
CNA	Linux	Linux	affected 7e0b2b57f01d183e1c84114f1f2287737358d748 6802ff8beceb9c4254318e81c1395720438f2cc2 git	Not specified
CNA	Linux	Linux	affected 7e0b2b57f01d183e1c84114f1f2287737358d748 f29a055e4f593e577805b41228b142b58f48df1b git	Not specified
CNA	Linux	Linux	affected 7e0b2b57f01d183e1c84114f1f2287737358d748 77da55dee67720e2b8d2db49a53334e6c017ee7b git	Not specified
CNA	Linux	Linux	affected 7e0b2b57f01d183e1c84114f1f2287737358d748 36eae0956f659e48d5366d9b083d9417f3263ddc git	Not specified
CNA	Linux	Linux	affected 4.19	Not specified
CNA	Linux	Linux	unaffected 4.19 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.253 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.203 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.167 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.130 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.78 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.20 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.10 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/77da55dee67720e2b8d2db49a53334e6c017ee7b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/ab50302190b303f847c4eba0e31a01a56dec596e	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/6802ff8beceb9c4254318e81c1395720438f2cc2	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/8a64e76933672b08bd85b63086f33432070fd729	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/36eae0956f659e48d5366d9b083d9417f3263ddc	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/e68a8db3a0546482b34e9ca5ca886bcf73eb37bb	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/f29a055e4f593e577805b41228b142b58f48df1b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/3da0b946835f33bf36b459ead764c61a761e689b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.