-

CVE-2026-31427

EPSS 0.04%
Veröffentlicht 13.04.2026 13:40:30
Zuletzt bearbeitet 18.04.2026 09:16:32
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp

process_sdp() declares union nf_inet_addr rtp_addr on the stack and
passes it to the nf_nat_sip sdp_session hook after walking the SDP
media descriptions. However rtp_addr is only initialized inside the
media loop when a recognized media type with a non-zero port is found.

If the SDP body contains no m= lines, only inactive media sections
(m=audio 0 ...) or only unrecognized media types, rtp_addr is never
assigned. Despite that, the function still calls hooks->sdp_session()
with &rtp_addr, causing nf_nat_sdp_session() to format the stale stack
value as an IP address and rewrite the SDP session owner and connection
lines with it.

With CONFIG_INIT_STACK_ALL_ZERO (default on most distributions) this
results in the session-level o= and c= addresses being rewritten to
0.0.0.0 for inactive SDP sessions. Without stack auto-init the
rewritten address is whatever happened to be on the stack.

Fix this by pre-initializing rtp_addr from the session-level connection
address (caddr) when available, and tracking via a have_rtp_addr flag
whether any valid address was established. Skip the sdp_session hook
entirely when no valid address exists.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

CNA 2 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 4ab9e64e5e3c0516577818804aaf13a630d67bc9

Version < faa6ea32797a1847790514ff0da1be1d09771580

Status affected

Version 4ab9e64e5e3c0516577818804aaf13a630d67bc9

Version < 82baeb871e8f04906bc886273fdf0209e1754eb3

Status affected

Version 4ab9e64e5e3c0516577818804aaf13a630d67bc9

Version < 6e5e3c87b7e6212f1d8414fc2e4d158b01e12025

Status affected

Version 4ab9e64e5e3c0516577818804aaf13a630d67bc9

Version < fe463e76c9b4b0b43b5ee8961b4c500231f1a3f6

Status affected

Version 4ab9e64e5e3c0516577818804aaf13a630d67bc9

Version < 7edca70751b9bdb5b83eed53cde21eccf3c86147

Status affected

Version 4ab9e64e5e3c0516577818804aaf13a630d67bc9

Version < 01f34a80ac23ae90b1909b94b4ed05343a62f646

Status affected

Version 4ab9e64e5e3c0516577818804aaf13a630d67bc9

Version < 52fdda318ef2362fc5936385bcb8b3d0328ee629

Status affected

Version 4ab9e64e5e3c0516577818804aaf13a630d67bc9

Version < 6a2b724460cb67caed500c508c2ae5cf012e4db4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.26

Status affected

Version 0

Version < 2.6.26

Status unaffected

Version <= 5.10.*

Version 5.10.253

Status unaffected

Version <= 5.15.*

Version 5.15.203

Status unaffected

Version <= 6.1.*

Version 6.1.168

Status unaffected

Version <= 6.6.*

Version 6.6.131

Status unaffected

Version <= 6.12.*

Version 6.12.80

Status unaffected

Version <= 6.18.*

Version 6.18.21

Status unaffected

Version <= 6.19.*

Version 6.19.11

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.104

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/6e5e3c87b7e6212f1d8414fc2e4d158b01e12025

https://git.kernel.org/stable/c/fe463e76c9b4b0b43b5ee8961b4c500231f1a3f6

https://git.kernel.org/stable/c/7edca70751b9bdb5b83eed53cde21eccf3c86147

https://git.kernel.org/stable/c/01f34a80ac23ae90b1909b94b4ed05343a62f646

https://git.kernel.org/stable/c/52fdda318ef2362fc5936385bcb8b3d0328ee629

https://git.kernel.org/stable/c/6a2b724460cb67caed500c508c2ae5cf012e4db4

https://git.kernel.org/stable/c/82baeb871e8f04906bc886273fdf0209e1754eb3

https://git.kernel.org/stable/c/faa6ea32797a1847790514ff0da1be1d09771580

https://nvd.nist.gov/vuln/detail/CVE-2026-31427

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31427

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31427

EUVD