๐Ÿ” CVE Alert

CVE-2026-31407

HIGH 7.1

netfilter: conntrack: add missing netlink policy validations

CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the kernel without any validation. Extend the netlink policies accordingly. Quoting the reporter: nlattr_to_sctp() assigns the user-supplied CTA_PROTOINFO_SCTP_STATE value directly to ct->proto.sctp.state without checking that it is within the valid range. [..] and: ... with exp->dir = 100, the access at ct->master->tuplehash[100] reads 5600 bytes past the start of a 320-byte nf_conn object, causing a slab-out-of-bounds read confirmed by UBSAN.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Apr 6, 2026
Last Updated Jun 1, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Linux / Linux
a258860e01b80e8f554a4ab1a6c95e6042eb8b73 < e7b5766693477c52424cc6c79dd30a7a9c7db52c a258860e01b80e8f554a4ab1a6c95e6042eb8b73 < 78bba9f73942aa7dca47d817d8cec0fb9b443b70 a258860e01b80e8f554a4ab1a6c95e6042eb8b73 < be88a337bf07afb1ee173f1099294d1b7ab3fefe a258860e01b80e8f554a4ab1a6c95e6042eb8b73 < c5e918390002edf0cff80a0e7ce1f86f16a9507c a258860e01b80e8f554a4ab1a6c95e6042eb8b73 < 9174d28f3f15d8c4962f5980c0be167633880443 a258860e01b80e8f554a4ab1a6c95e6042eb8b73 < 67c53c1978cef3c504237275e39c857e2f6af56e a258860e01b80e8f554a4ab1a6c95e6042eb8b73 < 0fbae1e74493d5a160a70c51aeba035d8266ea7d a258860e01b80e8f554a4ab1a6c95e6042eb8b73 < f900e1d77ee0ef87bfb5ab3fe60f0b3d8ad5ba05
Linux / Linux
2.6.27

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/e7b5766693477c52424cc6c79dd30a7a9c7db52c git.kernel.org: https://git.kernel.org/stable/c/78bba9f73942aa7dca47d817d8cec0fb9b443b70 git.kernel.org: https://git.kernel.org/stable/c/be88a337bf07afb1ee173f1099294d1b7ab3fefe git.kernel.org: https://git.kernel.org/stable/c/c5e918390002edf0cff80a0e7ce1f86f16a9507c git.kernel.org: https://git.kernel.org/stable/c/9174d28f3f15d8c4962f5980c0be167633880443 git.kernel.org: https://git.kernel.org/stable/c/67c53c1978cef3c504237275e39c857e2f6af56e git.kernel.org: https://git.kernel.org/stable/c/0fbae1e74493d5a160a70c51aeba035d8266ea7d git.kernel.org: https://git.kernel.org/stable/c/f900e1d77ee0ef87bfb5ab3fe60f0b3d8ad5ba05