7.1

CVE-2026-31407

EPSS 0.01%
Veröffentlicht 06.04.2026 08:16:38
Zuletzt bearbeitet 27.04.2026 14:16:36
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

netfilter: conntrack: add missing netlink policy validations

In the Linux kernel, the following vulnerability has been resolved:

netfilter: conntrack: add missing netlink policy validations

Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink.

These attributes are used by the kernel without any validation.
Extend the netlink policies accordingly.

Quoting the reporter:
  nlattr_to_sctp() assigns the user-supplied CTA_PROTOINFO_SCTP_STATE
  value directly to ct->proto.sctp.state without checking that it is
  within the valid range. [..]

  and: ... with exp->dir = 100, the access at
  ct->master->tuplehash[100] reads 5600 bytes past the start of a
  320-byte nf_conn object, causing a slab-out-of-bounds read confirmed by
  UBSAN.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

CNA 2 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version a258860e01b80e8f554a4ab1a6c95e6042eb8b73

Version < c5e918390002edf0cff80a0e7ce1f86f16a9507c

Status affected

Version a258860e01b80e8f554a4ab1a6c95e6042eb8b73

Version < 9174d28f3f15d8c4962f5980c0be167633880443

Status affected

Version a258860e01b80e8f554a4ab1a6c95e6042eb8b73

Version < 67c53c1978cef3c504237275e39c857e2f6af56e

Status affected

Version a258860e01b80e8f554a4ab1a6c95e6042eb8b73

Version < 0fbae1e74493d5a160a70c51aeba035d8266ea7d

Status affected

Version a258860e01b80e8f554a4ab1a6c95e6042eb8b73

Version < f900e1d77ee0ef87bfb5ab3fe60f0b3d8ad5ba05

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.27

Status affected

Version 0

Version < 2.6.27

Status unaffected

Version <= 6.6.*

Version 6.6.136

Status unaffected

Version <= 6.12.*

Version 6.12.83

Status unaffected

Version <= 6.18.*

Version 6.18.24

Status unaffected

Version <= 6.19.*

Version 6.19.10

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.009

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/0fbae1e74493d5a160a70c51aeba035d8266ea7d

https://git.kernel.org/stable/c/f900e1d77ee0ef87bfb5ab3fe60f0b3d8ad5ba05

https://git.kernel.org/stable/c/67c53c1978cef3c504237275e39c857e2f6af56e

https://git.kernel.org/stable/c/9174d28f3f15d8c4962f5980c0be167633880443

https://git.kernel.org/stable/c/c5e918390002edf0cff80a0e7ce1f86f16a9507c

https://nvd.nist.gov/vuln/detail/CVE-2026-31407

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31407

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31407

EUVD