Unpatched Linux kernel versions with netfilter nfnetlink_log enabled
Summary
This flaw is in the Linux kernel's netfilter nfnetlink_log subsystem. A follow-up fix for an older bug failed to account for netlink header size when calculating NLMSG_DONE message size. This results in warning splats and dropped netlink messages, which can impact system and network filtering stability.
Remediation
Install the latest official Linux kernel security update that addresses this issue. Deploy the patch to all affected systems after proper testing. Monitor system logs for any related error messages that may indicate exploitation attempts.
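One way to do the log monitoring mentioned above, as an added example that is not part of the original advisory or the kernel project: a scan of kernel log text for WARNING splats raised from nfnetlink_log code. The sample log lines, line numbers and symbol names are constructed placeholders, and the match relies only on the standard kernel WARNING header format.

```python
import re

# Standard kernel WARN header:
#   WARNING: CPU: <n> PID: <n> at <file>:<line> <symbol>+0x../0x.. [module]
WARN_RE = re.compile(
    r"WARNING: CPU: \d+ PID: \d+ at (?P<file>\S+):(?P<line>\d+) (?P<sym>\S+)"
)
# dmesg-style uptime prefix, e.g. "[  812.104340]"
TS_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]")


def find_nfnetlink_log_warnings(lines):
    """Return one dict per kernel WARNING raised from nfnetlink_log code."""
    hits = []
    for raw in lines:
        m = WARN_RE.search(raw)
        if not m:
            continue
        # Built-in code shows only the source path; a loadable module also
        # appends "[nfnetlink_log]" after the symbol. Accept either.
        in_file = m.group("file").endswith("nfnetlink_log.c")
        in_module = "[nfnetlink_log]" in raw
        if not (in_file or in_module):
            continue
        ts = TS_RE.match(raw)
        hits.append({
            "timestamp": float(ts.group("ts")) if ts else None,
            "location": f'{m.group("file")}:{m.group("line")}',
            "symbol": m.group("sym").split("+")[0],
        })
    return hits


# Constructed sample input: line numbers and symbol names are placeholders.
SAMPLE_LOG = """\
[  812.104331] ------------[ cut here ]------------
[  812.104340] WARNING: CPU: 2 PID: 4471 at net/netfilter/nfnetlink_log.c:100 example_symbol+0x1a/0x40 [nfnetlink_log]
[  812.104512] Modules linked in: nfnetlink_log nfnetlink nf_tables
[  901.220018] WARNING: CPU: 0 PID: 77 at kernel/sched/core.c:200 other_symbol+0x10/0x20
[ 1033.551200] WARNING: CPU: 1 PID: 4471 at net/netfilter/nfnetlink_log.c:100 example_symbol+0x1a/0x40 [nfnetlink_log]
""".splitlines()

if __name__ == "__main__":
    for hit in find_nfnetlink_log_warnings(SAMPLE_LOG):
        print(hit)
```

Repeated hits on an unpatched host are a signal to prioritise the kernel update; the same function can be fed lines from `dmesg` or `journalctl -k` output.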