CVE-2026-31407 — Out-of-bounds Read in Linux
Severity
5.5MEDIUM
No vectorEPSS
0.0%
top 98.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 6
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: add missing netlink policy validations
Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink.
These attributes are used by the kernel without any validation.
Extend the netlink policies accordingly.
Quoting the reporter:
nlattr_to_sctp() assigns the user-supplied CTA_PROTOINFO_SCTP_STATE
value directly to ct->proto.sctp.state without checking that it is
within the valid range. [..]
and: ... wi…
Affected Packages4 packages
▶CVEListV5linux/linuxa258860e01b80e8f554a4ab1a6c95e6042eb8b73 — 0fbae1e74493d5a160a70c51aeba035d8266ea7d+2
🔴Vulnerability Details
2GHSA▶
GHSA-cf8w-8g67-48gv: In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: add missing netlink policy validations
Hyunwoo Kim reports↗2026-04-06
OSV▶
CVE-2026-31407: In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports o↗2026-04-06
📋Vendor Advisories
3🕵️Threat Intelligence
1345💬Community
1Bugzilla
▶