Out-of-Bounds Access Vulnerability in Linux Kernel Affecting Netfilter
CVE-2026-31407

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 6 April 2026

What is CVE-2026-31407?

CVE-2026-31407 is an out-of-bounds access vulnerability in the netfilter subsystem of the Linux kernel. Affected functions in the sctp and ctnetlink modules do not properly validate user-supplied netlink attributes, so unvalidated values can lead to memory accesses beyond the intended bounds. Enforcing a netlink policy on these attributes is essential to prevent exploitation: assigning user input directly to kernel memory without validation can have severe stability and security consequences.
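
The validation pattern described above, modeled in user space as an added example (not kernel code and not the upstream fix). Every demo_* name, the attribute layout beyond the 4-byte length/type header, and the table values are assumptions made for illustration: a policy table bounds both the payload length and the value range before the value is allowed to index anything.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All demo_* names and table values are hypothetical, constructed for this example. */
#define DEMO_HDRLEN 4u                 /* u16 length + u16 type, as in struct nlattr */
enum { DEMO_ATTR_STATE = 1, DEMO_ATTR_MAX = 1, DEMO_STATE_MAX = 3 };

struct demo_policy { uint16_t payload_len; uint8_t max; };
static const struct demo_policy demo_policy[DEMO_ATTR_MAX + 1] = { [DEMO_ATTR_STATE] = { 1, DEMO_STATE_MAX } };
static const int demo_timeouts[DEMO_STATE_MAX + 1] = { 10, 3, 3, 210 };

/* Build one attribute with a one-byte payload; returns its length field. */
size_t demo_put_u8(uint8_t *buf, uint16_t type, uint8_t value)
{
    uint16_t len = DEMO_HDRLEN + 1;
    memcpy(buf, &len, 2);
    memcpy(buf + 2, &type, 2);
    buf[DEMO_HDRLEN] = value;
    return len;
}

/* Validate one attribute against the policy; return its value, or -1 if rejected. */
int demo_parse_state(const uint8_t *buf, size_t buflen)
{
    uint16_t len, type;
    if (buflen < DEMO_HDRLEN) return -1;
    memcpy(&len, buf, 2);
    memcpy(&type, buf + 2, 2);
    if (len < DEMO_HDRLEN || len > buflen) return -1;        /* truncated or lying length */
    if (type == 0 || type > DEMO_ATTR_MAX) return -1;        /* unknown attribute */
    if (len - DEMO_HDRLEN != demo_policy[type].payload_len) return -1;
    if (buf[DEMO_HDRLEN] > demo_policy[type].max) return -1; /* the range check */
    return buf[DEMO_HDRLEN];
}

/* Only a validated state ever indexes the table. */
int demo_timeout_for(const uint8_t *buf, size_t buflen)
{
    int state = demo_parse_state(buf, buflen);
    return state < 0 ? -1 : demo_timeouts[state];
}

int main(void)
{
    uint8_t buf[8];
    size_t n = demo_put_u8(buf, DEMO_ATTR_STATE, 200);       /* constructed out-of-range value */
    printf("state 200 -> %d\n", demo_timeout_for(buf, n));
}
```

Without the range check, the constructed value 200 would be used as an index into a four-entry table, which is the class of out-of-bounds access the description refers to.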

Affected Version(s)

Linux a258860e01b80e8f554a4ab1a6c95e6042eb8b73 < 0fbae1e74493d5a160a70c51aeba035d8266ea7d

Linux a258860e01b80e8f554a4ab1a6c95e6042eb8b73

Linux 2.6.27

Timeline

  • Vulnerability published

  • Vulnerability Reserved
