{"id":"CVE-2026-43329","summary":"netfilter: flowtable: strictly check for maximum number of actions","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: strictly check for maximum number of actions\n\nThe maximum number of flowtable hardware offload actions in IPv6 is:\n\n* ethernet mangling (4 payload actions, 2 for each ethernet address)\n* SNAT (4 payload actions)\n* DNAT (4 payload actions)\n* Double VLAN (4 vlan actions, 2 for popping vlan, and 2 for pushing)\n  for QinQ.\n* Redirect (1 action)\n\nWhich makes 17, while the maximum is 16. But act_ct supports for tunnels\nactions too. Note that payload action operates at 32-bit word level, so\nmangling an IPv6 address takes 4 payload actions.\n\nUpdate flow_action_entry_next() calls to check for the maximum number of\nsupported actions.\n\nWhile at it, rise the maximum number of actions per flow from 16 to 24\nso this works fine with IPv6 setups.","modified":"2026-06-08T11:44:16.550258536Z","published":"2026-05-08T13:31:17.479Z","related":["ALSA-2026:23329","SUSE-SU-2026:2111-1","SUSE-SU-2026:21841-1","SUSE-SU-2026:21845-1","SUSE-SU-2026:21860-1","SUSE-SU-2026:21876-1","SUSE-SU-2026:21877-1","SUSE-SU-2026:21916-1","SUSE-SU-2026:21919-1","SUSE-SU-2026:2195-1","SUSE-SU-2026:2202-1","SUSE-SU-2026:2215-1","SUSE-SU-2026:2216-1","SUSE-SU-2026:2217-1","SUSE-SU-2026:2238-1","openSUSE-SU-2026:20826-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43329.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/504c9456699dcf4d15195ef34a0fa94a80bfc877"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5382bb03e9c33b089d60788478b922a2dca284cc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/57c78bd2e2dd08897acd35b2bf8bcef322e36f5e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/76522fcdbc3a02b568f5d957f7e66fc194abb893"},{"type":"WEB","url":"https://git.kernel.org/stable/c/879959a7a2be814dd57568655eafa3d8f4d0309e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ead66c77303f760f6c30be96e2e20d5a77cef614"},{"type":"WEB","url":"https://git.kernel.org/stable/c/fe9018d3e94329f1951b00805a8640bc06f56ead"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43329.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43329"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c29f74e0df7a02b8303bcdce93a7c0132d62577a"},{"fixed":"ead66c77303f760f6c30be96e2e20d5a77cef614"},{"fixed":"fe9018d3e94329f1951b00805a8640bc06f56ead"},{"fixed":"5382bb03e9c33b089d60788478b922a2dca284cc"},{"fixed":"57c78bd2e2dd08897acd35b2bf8bcef322e36f5e"},{"fixed":"504c9456699dcf4d15195ef34a0fa94a80bfc877"},{"fixed":"879959a7a2be814dd57568655eafa3d8f4d0309e"},{"fixed":"76522fcdbc3a02b568f5d957f7e66fc194abb893"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43329.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.15.203"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.168"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.134"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.81"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.22"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.12"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43329.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}