{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "c29f74e0df7a02b8303bcdce93a7c0132d62577a"
            },
            {
              "fixed": "ead66c77303f760f6c30be96e2e20d5a77cef614"
            },
            {
              "fixed": "fe9018d3e94329f1951b00805a8640bc06f56ead"
            },
            {
              "fixed": "5382bb03e9c33b089d60788478b922a2dca284cc"
            },
            {
              "fixed": "57c78bd2e2dd08897acd35b2bf8bcef322e36f5e"
            },
            {
              "fixed": "504c9456699dcf4d15195ef34a0fa94a80bfc877"
            },
            {
              "fixed": "879959a7a2be814dd57568655eafa3d8f4d0309e"
            },
            {
              "fixed": "76522fcdbc3a02b568f5d957f7e66fc194abb893"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.5.0"
            },
            {
              "fixed": "5.15.203"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.16.0"
            },
            {
              "fixed": "6.1.168"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.134"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.81"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.22"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "6.19.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43329.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: strictly check for maximum number of actions\n\nThe maximum number of flowtable hardware offload actions in IPv6 is:\n\n* ethernet mangling (4 payload actions, 2 for each ethernet address)\n* SNAT (4 payload actions)\n* DNAT (4 payload actions)\n* Double VLAN (4 vlan actions, 2 for popping vlan, and 2 for pushing)\n  for QinQ.\n* Redirect (1 action)\n\nWhich makes 17, while the maximum is 16. But act_ct supports for tunnels\nactions too. Note that payload action operates at 32-bit word level, so\nmangling an IPv6 address takes 4 payload actions.\n\nUpdate flow_action_entry_next() calls to check for the maximum number of\nsupported actions.\n\nWhile at it, rise the maximum number of actions per flow from 16 to 24\nso this works fine with IPv6 setups.",
  "id": "CVE-2026-43329",
  "modified": "2026-07-09T03:51:49.314720101Z",
  "published": "2026-05-08T13:31:17.479Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/504c9456699dcf4d15195ef34a0fa94a80bfc877"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5382bb03e9c33b089d60788478b922a2dca284cc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/57c78bd2e2dd08897acd35b2bf8bcef322e36f5e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/76522fcdbc3a02b568f5d957f7e66fc194abb893"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/879959a7a2be814dd57568655eafa3d8f4d0309e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ead66c77303f760f6c30be96e2e20d5a77cef614"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe9018d3e94329f1951b00805a8640bc06f56ead"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43329.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:23329"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:26427"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:26428"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:27713"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:30848"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:33215"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:33899"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:33900"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:34094"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:34095"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:35863"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:35896"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/security/cve/CVE-2026-43329"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43329.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43329"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468124"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "netfilter: flowtable: strictly check for maximum number of actions"
}