CVE-2026-43452

In the Linux kernel, the following vulnerability has been resolved:

netfilter: x_tables: guard option walkers against 1-byte tail reads

When the last byte of options is a non-single-byte option kind, walkers
that advance with i += op[i + 1] ? : 1 can read op[i + 1] past the end
of the option area.

Add an explicit i == optlen – 1 check before dereferencing op[i + 1]
in xt_tcpudp and xt_dccp option walkers.

More information : https://git.kernel.org/stable/c/5b18b8b35c7cded2d17b2b2604c9b0694ff48d1c