5.5

CVE-2026-31428

netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD

__build_packet_message() manually constructs the NFULA_PAYLOAD netlink
attribute using skb_put() and skb_copy_bits(), bypassing the standard
nla_reserve()/nla_put() helpers. While nla_total_size(data_len) bytes
are allocated (including NLA alignment padding), only data_len bytes
of actual packet data are copied. The trailing nla_padlen(data_len)
bytes (1-3 when data_len is not 4-byte aligned) are never initialized,
leaking stale heap contents to userspace via the NFLOG netlink socket.

Replace the manual attribute construction with nla_reserve(), which
handles the tailroom check, header setup, and padding zeroing via
__nla_reserve(). The subsequent skb_copy_bits() fills in the payload
data on top of the properly initialized attribute.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.24 < 5.10.253
LinuxLinux Kernel Version >= 5.11 < 5.15.203
LinuxLinux Kernel Version >= 5.16 < 6.1.168
LinuxLinux Kernel Version >= 6.2 < 6.6.131
LinuxLinux Kernel Version >= 6.7 < 6.12.80
LinuxLinux Kernel Version >= 6.13 < 6.18.21
LinuxLinux Kernel Version >= 6.19 < 6.19.11
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.025
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/fc961dd7272b5e4a462999635e44a4770d7f2482
Patch
https://git.kernel.org/stable/c/a8365d1064ded323797c5e28e91070c52f44b76c
Patch
https://git.kernel.org/stable/c/a2f6ff3444b663d6cfa63eadd61327a18592885a
Patch
https://git.kernel.org/stable/c/c9f6c51d36482805ac3ffadb9663fe775a13e926
Patch
https://git.kernel.org/stable/c/7eff72968161fb8ddb26113344de3b92fb7d7ef5
Patch
https://git.kernel.org/stable/c/52025ebaa29f4eb4ed8bf92ce83a68f24ab7fdf7
Patch
https://git.kernel.org/stable/c/21d8efda029948d3666b0db5afcc0d36c0984aae
Patch
https://git.kernel.org/stable/c/7f3e5d72455936f42709116fabeca3bb216cda62
Patch