CVE-2026-43028 PUBLISHED

netfilter: x_tables: ensure names are nul-terminated

Assigner: Linux
Reserved: 01.05.2026 Published: 01.05.2026 Updated: 01.05.2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: ensure names are nul-terminated

Reject names that lack a \0 character before feeding them to functions that expect c-strings.

Fixes tag is the most recent commit that needs this change.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from c38c4597e4bf3e99860eac98211748e1ecb0e139 to bcac50ea0a29d430eedc5ac87b215393b567baa9 (excl.)
  • affected from c38c4597e4bf3e99860eac98211748e1ecb0e139 to ea01c1b219f5a11c66918abaa6f052e5a74041d6 (excl.)
  • affected from c38c4597e4bf3e99860eac98211748e1ecb0e139 to aa6cd4a8863391e0a64f62d8922cb0af732a2cf2 (excl.)
  • affected from c38c4597e4bf3e99860eac98211748e1ecb0e139 to c2d4a3abb15ca14716c6d8b9ffcbcd7c63626af4 (excl.)
  • affected from c38c4597e4bf3e99860eac98211748e1ecb0e139 to 673bbd36cba21d10a10f0932f479df7468e26fbb (excl.)
  • affected from c38c4597e4bf3e99860eac98211748e1ecb0e139 to f419bdc205894750f4d3ec042bc87a1b9cde1351 (excl.)
  • affected from c38c4597e4bf3e99860eac98211748e1ecb0e139 to 73124608172890306b85f2206d8b3cac20e324f1 (excl.)
  • affected from c38c4597e4bf3e99860eac98211748e1ecb0e139 to a958a4f90ddd7de0800b33ca9d7b886b7d40f74e (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 4.5 is affected
  • unaffected from 0 to 4.5 (excl.)
  • unaffected from 5.10.253 to 5.10.* (incl.)
  • unaffected from 5.15.203 to 5.15.* (incl.)
  • unaffected from 6.1.168 to 6.1.* (incl.)
  • unaffected from 6.6.134 to 6.6.* (incl.)
  • unaffected from 6.12.81 to 6.12.* (incl.)
  • unaffected from 6.18.22 to 6.18.* (incl.)
  • unaffected from 6.19.12 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References