CVE-2026-43481

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/05/2026
Last modified:
13/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net-shapers: don't free reply skb after genlmsg_reply()

genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() consumes it on all return paths, whether the skb is queued successfully or freed on an error path.

net_shaper_nl_get_doit() and net_shaper_nl_cap_get_doit() currently jump to free_msg after genlmsg_reply() fails and call nlmsg_free(msg), which can hit the same skb twice.

Return the genlmsg_reply() error directly and keep free_msg only for pre-reply failures.
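
The ownership rule in the description, as an added user-space model (not the kernel source and not the actual patch): a reply call that consumes its message on every return path, next to the pre-fix and post-fix cleanup shapes. `struct msg`, `msg_release()`, `reply_consume()`, `doit_buggy()`, `doit_fixed()` and `releases_after()` are hypothetical names, and releases are counted rather than freed so the double release can be observed safely.

```c
#include <stdio.h>
/* User-space model, not kernel code: struct msg stands in for the reply skb;
 * releases are counted, not freed. All names are hypothetical. */
struct msg { int releases; };
static void msg_release(struct msg *m) { m->releases++; }

/* Models the stated genlmsg_reply() contract: consumed on every return path. */
static int reply_consume(struct msg *m, int fail) { msg_release(m); return fail ? -1 : 0; }

/* Pre-fix shape: a reply failure jumps to the shared cleanup label. */
static int doit_buggy(struct msg *m, int fill_fail, int reply_fail)
{
    int ret = fill_fail ? -1 : 0;   /* stands in for building the reply */
    if (ret)
        goto free_msg;
    ret = reply_consume(m, reply_fail);
    if (ret)
        goto free_msg;              /* already consumed: second release */
    return 0;
free_msg:
    msg_release(m);
    return ret;
}

/* Post-fix shape: reply error returned directly; free_msg is pre-reply only. */
static int doit_fixed(struct msg *m, int fill_fail, int reply_fail)
{
    int ret = fill_fail ? -1 : 0;
    if (ret)
        goto free_msg;
    return reply_consume(m, reply_fail);
free_msg:
    msg_release(m);
    return ret;
}

/* Runs one handler on a fresh message; returns how often it was released. */
static int releases_after(int (*doit)(struct msg *, int, int), int ff, int rf)
{
    struct msg m = { 0 };
    doit(&m, ff, rf);
    return m.releases;
}

int main(void)
{
    printf("reply fails: buggy=%d fixed=%d releases\n",
           releases_after(doit_buggy, 0, 1), releases_after(doit_fixed, 0, 1));
    return 0;
}
```

Any release count other than 1 in this model corresponds to a double free or a leak of the real skb.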

Impact