{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43329","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:56.002Z","datePublished":"2026-05-08T13:31:17.479Z","dateUpdated":"2026-05-11T22:22:27.808Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:22:27.808Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: strictly check for maximum number of actions\n\nThe maximum number of flowtable hardware offload actions in IPv6 is:\n\n* ethernet mangling (4 payload actions, 2 for each ethernet address)\n* SNAT (4 payload actions)\n* DNAT (4 payload actions)\n* Double VLAN (4 vlan actions, 2 for popping vlan, and 2 for pushing)\n  for QinQ.\n* Redirect (1 action)\n\nWhich makes 17, while the maximum is 16. But act_ct supports tunnel\nactions too. 
Note that payload action operates at 32-bit word level, so\nmangling an IPv6 address takes 4 payload actions.\n\nUpdate flow_action_entry_next() calls to check for the maximum number of\nsupported actions.\n\nWhile at it, raise the maximum number of actions per flow from 16 to 24\nso this works fine with IPv6 setups."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nf_flow_table_offload.c"],"versions":[{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"ead66c77303f760f6c30be96e2e20d5a77cef614","status":"affected","versionType":"git"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"fe9018d3e94329f1951b00805a8640bc06f56ead","status":"affected","versionType":"git"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"5382bb03e9c33b089d60788478b922a2dca284cc","status":"affected","versionType":"git"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"57c78bd2e2dd08897acd35b2bf8bcef322e36f5e","status":"affected","versionType":"git"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"504c9456699dcf4d15195ef34a0fa94a80bfc877","status":"affected","versionType":"git"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"879959a7a2be814dd57568655eafa3d8f4d0309e","status":"affected","versionType":"git"},{"version":"c29f74e0df7a02b8303bcdce93a7c0132d62577a","lessThan":"76522fcdbc3a02b568f5d957f7e66fc194abb893","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nf_flow_table_offload.c"],"versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"
5.5","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.168","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.134","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.81","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.22","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.12","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.1.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.6.134"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.12.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.18.22"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.19.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ead66c77303f760f6c30be96e2e20d5a77cef614"},{"url":"https://git.kernel.org/stable/c/fe9018d3e94329f1951b00805a8640bc06f56ead"},{"url":"https://git.kernel.org/stable/c/5382b
b03e9c33b089d60788478b922a2dca284cc"},{"url":"https://git.kernel.org/stable/c/57c78bd2e2dd08897acd35b2bf8bcef322e36f5e"},{"url":"https://git.kernel.org/stable/c/504c9456699dcf4d15195ef34a0fa94a80bfc877"},{"url":"https://git.kernel.org/stable/c/879959a7a2be814dd57568655eafa3d8f4d0309e"},{"url":"https://git.kernel.org/stable/c/76522fcdbc3a02b568f5d957f7e66fc194abb893"}],"title":"netfilter: flowtable: strictly check for maximum number of actions","x_generator":{"engine":"bippy-1.2.0"}}}}