-

CVE-2026-31428

EPSS 0.04%
Veröffentlicht 13.04.2026 13:40:30
Zuletzt bearbeitet 18.04.2026 09:16:32
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD

__build_packet_message() manually constructs the NFULA_PAYLOAD netlink
attribute using skb_put() and skb_copy_bits(), bypassing the standard
nla_reserve()/nla_put() helpers. While nla_total_size(data_len) bytes
are allocated (including NLA alignment padding), only data_len bytes
of actual packet data are copied. The trailing nla_padlen(data_len)
bytes (1-3 when data_len is not 4-byte aligned) are never initialized,
leaking stale heap contents to userspace via the NFLOG netlink socket.

Replace the manual attribute construction with nla_reserve(), which
handles the tailroom check, header setup, and padding zeroing via
__nla_reserve(). The subsequent skb_copy_bits() fills in the payload
data on top of the properly initialized attribute.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

CNA 2 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version df6fb868d6118686805c2fa566e213a8f31c8e4f

Version < 7f3e5d72455936f42709116fabeca3bb216cda62

Status affected

Version df6fb868d6118686805c2fa566e213a8f31c8e4f

Version < 21d8efda029948d3666b0db5afcc0d36c0984aae

Status affected

Version df6fb868d6118686805c2fa566e213a8f31c8e4f

Version < fc961dd7272b5e4a462999635e44a4770d7f2482

Status affected

Version df6fb868d6118686805c2fa566e213a8f31c8e4f

Version < a8365d1064ded323797c5e28e91070c52f44b76c

Status affected

Version df6fb868d6118686805c2fa566e213a8f31c8e4f

Version < a2f6ff3444b663d6cfa63eadd61327a18592885a

Status affected

Version df6fb868d6118686805c2fa566e213a8f31c8e4f

Version < c9f6c51d36482805ac3ffadb9663fe775a13e926

Status affected

Version df6fb868d6118686805c2fa566e213a8f31c8e4f

Version < 7eff72968161fb8ddb26113344de3b92fb7d7ef5

Status affected

Version df6fb868d6118686805c2fa566e213a8f31c8e4f

Version < 52025ebaa29f4eb4ed8bf92ce83a68f24ab7fdf7

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.24

Status affected

Version 0

Version < 2.6.24

Status unaffected

Version <= 5.10.*

Version 5.10.253

Status unaffected

Version <= 5.15.*

Version 5.15.203

Status unaffected

Version <= 6.1.*

Version 6.1.168

Status unaffected

Version <= 6.6.*

Version 6.6.131

Status unaffected

Version <= 6.12.*

Version 6.12.80

Status unaffected

Version <= 6.18.*

Version 6.18.21

Status unaffected

Version <= 6.19.*

Version 6.19.11

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.104

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/fc961dd7272b5e4a462999635e44a4770d7f2482

https://git.kernel.org/stable/c/a8365d1064ded323797c5e28e91070c52f44b76c

https://git.kernel.org/stable/c/a2f6ff3444b663d6cfa63eadd61327a18592885a

https://git.kernel.org/stable/c/c9f6c51d36482805ac3ffadb9663fe775a13e926

https://git.kernel.org/stable/c/7eff72968161fb8ddb26113344de3b92fb7d7ef5

https://git.kernel.org/stable/c/52025ebaa29f4eb4ed8bf92ce83a68f24ab7fdf7

https://git.kernel.org/stable/c/21d8efda029948d3666b0db5afcc0d36c0984aae

https://git.kernel.org/stable/c/7f3e5d72455936f42709116fabeca3bb216cda62

https://nvd.nist.gov/vuln/detail/CVE-2026-31428

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31428

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31428

EUVD