Linux Kernel Vulnerability in Netfilter Affecting ipset Functionality
CVE-2026-31418

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 13 April 2026

What is CVE-2026-31418?

A vulnerability in the Linux kernel's netfilter module affects the ipset functionality, specifically the mtype_del() function. The issue arises because empty slots in a bucket are not appropriately counted and released: the function deletes a bucket only if both n->pos and k are zero. A bucket whose slots are all unused can therefore stay allocated, which leads to improper memory management. The retained memory is unwarranted and complicates resource usage and performance. The recommended handling is to treat a bucket as empty when all positions below n->pos are unused, which enhances system stability and security.
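A user-space model of the bucket check described above, added here as an example; it is not the kernel's code and not part of the original advisory. The struct and function names are hypothetical, the deletion orders are constructed, and the model assumes n->pos is lowered only when the highest slot is the one removed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model of one hash bucket (not kernel code).
 * Slots [0, pos) may hold entries; bit i of `used` marks slot i as live. */
struct bucket { unsigned used; unsigned pos; };
struct outcome { unsigned pos, k; bool original, fixed; };

/* Delete slot i. Modelling assumption: pos only moves down when the
 * highest slot is the one removed. Returns k, the number of unused
 * slots below pos after the deletion. */
static unsigned bucket_del(struct bucket *n, unsigned i)
{
    unsigned k = 0;
    n->used &= ~(1u << i);
    if (i + 1 == n->pos)
        n->pos--;
    for (unsigned j = 0; j < n->pos; j++)
        if (!(n->used & (1u << j)))
            k++;
    return k;
}

/* Check described in the advisory: release only if pos and k are both zero. */
static bool release_original(const struct bucket *n, unsigned k)
{ return n->pos == 0 && k == 0; }

/* Recommended handling: release when every slot below pos is unused. */
static bool release_logically_empty(const struct bucket *n, unsigned k)
{ return k == n->pos; }

/* Constructed deletion orders for a bucket that starts with 3 live entries. */
static const unsigned ORDER_TOP_DOWN[]  = { 2, 1, 0 };
static const unsigned ORDER_SCATTERED[] = { 0, 2, 1 };

/* Apply the first `deletions` steps of `order` and report both checks. */
static struct outcome run_scenario(const unsigned *order, unsigned deletions)
{
    struct bucket n = { 0x7u, 3 };
    unsigned k = 0;
    for (unsigned s = 0; s < deletions; s++)
        k = bucket_del(&n, order[s]);
    return (struct outcome){ n.pos, k, release_original(&n, k),
                             release_logically_empty(&n, k) };
}

int main(void)
{
    struct outcome o = run_scenario(ORDER_SCATTERED, 3);
    printf("pos=%u k=%u original=%d fixed=%d\n", o.pos, o.k, o.original, o.fixed);
    return 0;
}
```

Deleting top-down empties the bucket with pos and k both at zero, so both checks release it. The scattered order leaves pos and k both at 1 with no live entries, which only the second check treats as empty.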

Affected Version(s)

Linux 8af1c6fbd9239877998c7f5a591cb2c88d41fb66

Linux 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 < 6cea34d7ec6829b62f521a37a287f670144a2233


Timeline

  • Vulnerability published

  • Vulnerability Reserved
