Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the kernel without any validation. Extend the netlink policies accordingly. Quoting the reporter: nlattr_to_sctp() assigns the user-supplied CTA_PROTOINFO_SCTP_STATE value directly to ct->proto.sctp.state without checking that it is within the valid range. [..] and: ... with exp->dir = 100, the access at ct->master->tuplehash[100] reads 5600 bytes past the start of a 320-byte nf_conn object, causing a slab-out-of-bounds read confirmed by UBSAN.

INFO

Published Date :

2026-04-06T07:38:19.712Z

Last Modified :

2026-04-06T07:38:19.712Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31407 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31407.

URL Resource
https://git.kernel.org/stable/c/0fbae1e74493d5a160a70c51aeba035d8266ea7d cve-icon cve-icon
https://git.kernel.org/stable/c/f900e1d77ee0ef87bfb5ab3fe60f0b3d8ad5ba05 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026040628-CVE-2026-31407-6abd@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-31407 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-31407 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact