{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation\\n\\nUlrich reports a regression with nfqueue:\\n\\nIf an application did not set the ‘F_GSO’ capability flag and a gso\\npacket with an unconfirmed nf_conn entry is received all packets are\\nnow dropped instead of queued, because the check happens after\\nskb_gso_segment(). In that case, we did have exclusive ownership\\nof the skb and its associated conntrack entry. The elevated use\\ncount is due to skb_clone happening via skb_gso_segment().\\n\\nMove the check so that its peformed vs. the aggregated packet.\\n\\nThen, annotate the individual segments except the first one so we\\ncan do a 2nd check at reinject time.\\n\\nFor the normal case, where userspace does in-order reinjects, this avoids\\npacket drops: first reinjected segment continues traversal and confirms\\nentry, remaining segments observe the confirmed entry.\\n\\nWhile at it, simplify nf_ct_drop_unconfirmed(): We only care about\\nunconfirmed entries with a refcnt \\u003e 1, there is no need to special-case\\ndying entries.\\n\\nThis only happens with UDP. With TCP, the only unconfirmed packet will\\nbe the TCP SYN, those aren’t aggregated by GRO.\\n\\nNext patch adds a udpgro test case to cover this scenario.”,”published”:”2026-05-27T12:15:39.322Z”,”modified”:”2026-05-30T10:45:35.721Z”,”type”:”cve”,”title”:”netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation”,”source”:”Linux”,”references”:”https:\/\/git.kernel.org\/stable\/c\/79b713ef4261a8ead96af4703f89d0b5f25532e2\\nhttps:\/\/git.kernel.org\/stable\/c\/23901aa6b8a2f294c4b774436b4691f3ff863a8f\\nhttps:\/\/git.kernel.org\/stable\/c\/b740e7ddd7ca0dbfeafca3f5e52717206cf28524\\nhttps:\/\/git.kernel.org\/stable\/c\/207b3ebacb6113acaaec0d171d5307032c690004″,”id”:”CVE-2026-45859″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”Linux Linux 7d8dc1c7be8d3509e8f5164dd5df64c8e34d7eeb\\nLinux Linux 7d8dc1c7be8d3509e8f5164dd5df64c8e34d7eeb\\nLinux Linux 7d8dc1c7be8d3509e8f5164dd5df64c8e34d7eeb\\nLinux Linux 7d8dc1c7be8d3509e8f5164dd5df64c8e34d7eeb\\nLinux Linux 6c4a0ba674f410ab99a30a16f32dac0ebfed5cd3\\nLinux Linux 6dcc8ba8a6074bb79040f502dc66ad23a58a1c86\\nLinux Linux 74e6eb7fd27ef1ccc68041dbc66e6d80d2e4a1a0\\nLinux Linux 025b3326c5c409b372d0103ad30f174e55adbd1b\\nLinux Linux 5.15.166\\nLinux Linux 6.1.107\\nLinux Linux 6.6.48\\nLinux Linux 6.10.7\\nLinux Linux 6.11″,”sourceHref”:””,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Linux”,”version”:”7d8dc1c7be8d3509e8f5164dd5df64c8e34d7eeb”,”vendor”:”Linux”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nnetfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation\\n\\nUlrich reports a regression with nfqueue:\\n\\nIf an application did not…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,16,12,15,13,7,11,5],"class_list":["post-58538","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n