Linux Kernel Vulnerability in Nexthop Object Management
CVE-2026-31531
What is CVE-2026-31531?
A vulnerability in the Linux kernel's nexthop management can cause network messages to be handled improperly when large nexthop groups are queried. The current fixed-size buffer allocation is inadequate for extensive equal-cost multipath (ECMP) configurations, resulting in warnings and potential resource exhaustion. The issue arises specifically with RTM_GETNEXTHOP requests; dynamic buffer allocation is required to remove the limitation and improve the stability of network operations.
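The sizing problem described above can be modelled in userspace. This is an added example, not code from the advisory or from the kernel: the header sizes, the 4096-byte fixed buffer, `struct grp_entry` and all function names are assumptions chosen for the demonstration. It contrasts a fixed-size reply buffer with one sized from the group before allocation.

```c
/* Added illustration: userspace model, not kernel code. All names and sizes
 * here are assumptions for the demo, not values taken from the advisory. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define HDR_LEN   24u    /* stand-in for the message headers */
#define ATTR_HDR  4u     /* stand-in for one attribute header */
#define FIXED_BUF 4096u  /* hypothetical fixed reply buffer size */

struct grp_entry { uint32_t id; uint8_t weight; uint8_t pad[3]; }; /* 8 bytes */

/* Bytes needed for a reply describing a group with n members. */
size_t reply_size(size_t n)
{
    return HDR_LEN + ATTR_HDR + n * sizeof(struct grp_entry);
}

/* Serialize the reply; return bytes written, or -1 if it does not fit. */
long fill_reply(uint8_t *buf, size_t cap, size_t n)
{
    size_t need = reply_size(n);
    if (need > cap)
        return -1;                       /* bounds check before any write */
    memset(buf, 0, HDR_LEN + ATTR_HDR);
    for (size_t i = 0; i < n; i++) {
        struct grp_entry e = { .id = (uint32_t)(i + 1), .weight = 1 };
        memcpy(buf + HDR_LEN + ATTR_HDR + i * sizeof(e), &e, sizeof(e));
    }
    return (long)need;
}

/* Fixed-size strategy: works for small groups, fails once n grows. */
long dump_fixed(size_t n)
{
    static uint8_t buf[FIXED_BUF];
    return fill_reply(buf, sizeof(buf), n);
}

/* Dynamic strategy: compute the size from the group first, then allocate. */
long dump_dynamic(size_t n)
{
    size_t cap = reply_size(n);
    uint8_t *buf = malloc(cap);
    long r = buf ? fill_reply(buf, cap, n) : -1;
    free(buf);
    return r;
}

int main(void) { return dump_fixed(1024) == -1 && dump_dynamic(1024) > 0 ? 0 : 1; }
```

In this model the fixed buffer holds at most 508 members; any larger group fails the query, while the dynamically sized buffer scales with the group.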
Affected Version(s)
Linux 430a049190de3c9e219f43084de9f1122da04570 < 615517f3f8d53b0cf41507c7599971e17adfdfa5
Linux 430a049190de3c9e219f43084de9f1122da04570 < 40bd39e383a0478fd5c221f393df05fd9d70cfbc
Linux 430a049190de3c9e219f43084de9f1122da04570 < 635038fe19db391117e66b46bdc2b6e447ac801d