CVE-2026-43329

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: flowtable: strictly check for maximum number of actions<br /> <br /> The maximum number of flowtable hardware offload actions in IPv6 is:<br /> <br /> * ethernet mangling (4 payload actions, 2 for each ethernet address)<br /> * SNAT (4 payload actions)<br /> * DNAT (4 payload actions)<br /> * Double VLAN (4 vlan actions, 2 for popping vlan, and 2 for pushing)<br /> for QinQ.<br /> * Redirect (1 action)<br /> <br /> Which makes 17, while the maximum is 16. But act_ct supports for tunnels<br /> actions too. Note that payload action operates at 32-bit word level, so<br /> mangling an IPv6 address takes 4 payload actions.<br /> <br /> Update flow_action_entry_next() calls to check for the maximum number of<br /> supported actions.<br /> <br /> While at it, rise the maximum number of actions per flow from 16 to 24<br /> so this works fine with IPv6 setups.