Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0463
Vulnerability from certfr_avis - Published: 2026-04-20 - Updated: 2026-04-20
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure Linux | azl3 pytorch 2.2.2-12 versions antérieures à 2.2.2-14 | ||
| Microsoft | Azure Linux | azl3 sqlite 3.44.0-2 versions antérieures à 3.44.0-3 | ||
| Microsoft | Azure Linux | azl3 mesa 24.0.1-6 versions antérieures à 24.0.1-8 | ||
| Microsoft | Azure Linux | azl3 jq 1.7.1-4 versions antérieures à 1.7.1-5 | ||
| Microsoft | Azure Linux | azl3 kernel 6.6.130.1-3 versions antérieures à 6.6.134.1-1 | ||
| Microsoft | Azure Linux | azl3 cups 2.4.16-1 versions antérieures à 2.4.17-1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 pytorch 2.2.2-12 versions ant\u00e9rieures \u00e0 2.2.2-14",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 sqlite 3.44.0-2 versions ant\u00e9rieures \u00e0 3.44.0-3",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 mesa 24.0.1-6 versions ant\u00e9rieures \u00e0 24.0.1-8",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 jq 1.7.1-4 versions ant\u00e9rieures \u00e0 1.7.1-5",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.130.1-3 versions ant\u00e9rieures \u00e0 6.6.134.1-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cups 2.4.16-1 versions ant\u00e9rieures \u00e0 2.4.17-1",
"product": {
"name": "Azure Linux",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-40393",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40393"
},
{
"name": "CVE-2026-33947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33947"
},
{
"name": "CVE-2026-39956",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39956"
},
{
"name": "CVE-2026-34446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34446"
},
{
"name": "CVE-2026-31416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31416"
},
{
"name": "CVE-2026-39314",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39314"
},
{
"name": "CVE-2026-31408",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31408"
},
{
"name": "CVE-2026-34978",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34978"
},
{
"name": "CVE-2026-34990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34990"
},
{
"name": "CVE-2026-31422",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31422"
},
{
"name": "CVE-2026-33948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33948"
},
{
"name": "CVE-2026-31418",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31418"
},
{
"name": "CVE-2026-31427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31427"
},
{
"name": "CVE-2026-31423",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31423"
},
{
"name": "CVE-2026-27447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27447"
},
{
"name": "CVE-2026-39979",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39979"
},
{
"name": "CVE-2026-34979",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34979"
},
{
"name": "CVE-2026-39316",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39316"
},
{
"name": "CVE-2026-40164",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40164"
},
{
"name": "CVE-2026-31421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31421"
},
{
"name": "CVE-2026-31417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31417"
},
{
"name": "CVE-2025-70873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-70873"
},
{
"name": "CVE-2026-31414",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31414"
},
{
"name": "CVE-2026-31426",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31426"
},
{
"name": "CVE-2026-34980",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34980"
},
{
"name": "CVE-2026-32316",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32316"
},
{
"name": "CVE-2026-31428",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31428"
},
{
"name": "CVE-2026-34445",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34445"
},
{
"name": "CVE-2026-31424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31424"
}
],
"initial_release_date": "2026-04-20T00:00:00",
"last_revision_date": "2026-04-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0463",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31424",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31424"
},
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33947",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33947"
},
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31408",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31408"
},
{
"published_at": "2026-04-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34979",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34979"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31414",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31414"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31418",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31418"
},
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32316",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32316"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31427",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31427"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31421",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31421"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31417",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31417"
},
{
"published_at": "2026-04-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27447",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27447"
},
{
"published_at": "2026-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-39316",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39316"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40393",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40393"
},
{
"published_at": "2026-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-39314",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39314"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31426",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31426"
},
{
"published_at": "2026-04-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34990",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34990"
},
{
"published_at": "2026-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34446",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34446"
},
{
"published_at": "2026-04-18",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-70873",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-70873"
},
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-39956",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39956"
},
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-40164",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40164"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31416",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31416"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31423",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31423"
},
{
"published_at": "2026-04-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34978",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34978"
},
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33948",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33948"
},
{
"published_at": "2026-04-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34980",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34980"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31428",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31428"
},
{
"published_at": "2026-04-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-31422",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31422"
},
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-39979",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-39979"
},
{
"published_at": "2026-04-09",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34445",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34445"
}
]
}
CVE-2025-70873 (GCVE-0-2025-70873)
Vulnerability from cvelistv5 – Published: 2026-03-12 00:00 – Updated: 2026-03-14 03:35
VLAI
EPSS
Summary
An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-70873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-14T03:33:48.480447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-244",
"description": "CWE-244 Improper Clearing of Heap Memory Before Release (\u0027Heap Inspection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-14T03:35:18.796Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure issue in the zipfileInflate function in the zipfile extension in SQLite v3.51.1 and earlier allows attackers to obtain heap memory via supplying a crafted ZIP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T18:44:30.960Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sqlite.org/forum/forumpost/761eac3c82"
},
{
"url": "https://sqlite.org/src/info/3d459f1fb1bd1b5e"
},
{
"url": "https://gist.github.com/cnwangjihe/f496393f30f5ecec5b18c8f5ab072054"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-70873",
"datePublished": "2026-03-12T00:00:00.000Z",
"dateReserved": "2026-01-09T00:00:00.000Z",
"dateUpdated": "2026-03-14T03:35:18.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27447 (GCVE-0-2026-27447)
Vulnerability from cvelistv5 – Published: 2026-04-03 21:11 – Updated: 2026-04-06 18:50
VLAI
EPSS
Title
OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup
Summary
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
Severity
4.8 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/OpenPrinting/cups/security/adv… | x_refsource_CONFIRM |
| https://github.com/OpenPrinting/cups/commit/88516… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenPrinting | cups |
Affected:
<= 2.4.16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27447",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T18:49:46.413933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T18:50:21.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cups",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.4.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T21:11:59.734Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9"
},
{
"name": "https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220"
}
],
"source": {
"advisory": "GHSA-v987-m8hp-phj9",
"discovery": "UNKNOWN"
},
"title": "OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27447",
"datePublished": "2026-04-03T21:11:59.734Z",
"dateReserved": "2026-02-19T17:25:31.100Z",
"dateUpdated": "2026-04-06T18:50:21.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31408 (GCVE-0-2026-31408)
Vulnerability from cvelistv5 – Published: 2026-04-06 07:38 – Updated: 2026-05-11 22:08
VLAI
EPSS
Title
Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
sco_recv_frame() reads conn->sk under sco_conn_lock() but immediately
releases the lock without holding a reference to the socket. A concurrent
close() can free the socket between the lock release and the subsequent
sk->sk_state access, resulting in a use-after-free.
Other functions in the same file (sco_sock_timeout(), sco_conn_del())
correctly use sco_sock_hold() to safely hold a reference under the lock.
Fix by using sco_sock_hold() to take a reference before releasing the
lock, and adding sock_put() on all exit paths.
Severity
8.8 (High)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/d57384e27d1ebf004… | |
| https://git.kernel.org/stable/c/b0a7da0e3f7442545… | |
| https://git.kernel.org/stable/c/45aaca995e4a7a05b… | |
| https://git.kernel.org/stable/c/108b81514d8f2535e… | |
| https://git.kernel.org/stable/c/7197462e90b8ce15c… | |
| https://git.kernel.org/stable/c/e76e8f0581ef555ea… | |
| https://git.kernel.org/stable/c/598dbba9919c5e36c… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d57384e27d1ebf0047e3f00a6e1181b8be9857a2
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b0a7da0e3f7442545f071499beb36374714bb9de (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 45aaca995e4a7a05b272a58e7ab2fff4f611b8f1 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 108b81514d8f2535eb16651495cefb2250528db3 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7197462e90b8ce15caa1ae15d4bc2bb8cd21b11e (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e76e8f0581ef555eacc11dbb095e602fb30a5361 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 598dbba9919c5e36c54fe1709b557d64120cb94b (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.168 , ≤ 6.1.* (semver) Unaffected: 6.6.131 , ≤ 6.6.* (semver) Unaffected: 6.12.80 , ≤ 6.12.* (semver) Unaffected: 6.18.21 , ≤ 6.18.* (semver) Unaffected: 6.19.11 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/bluetooth/sco.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d57384e27d1ebf0047e3f00a6e1181b8be9857a2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b0a7da0e3f7442545f071499beb36374714bb9de",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "45aaca995e4a7a05b272a58e7ab2fff4f611b8f1",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "108b81514d8f2535eb16651495cefb2250528db3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7197462e90b8ce15caa1ae15d4bc2bb8cd21b11e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "e76e8f0581ef555eacc11dbb095e602fb30a5361",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "598dbba9919c5e36c54fe1709b557d64120cb94b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/bluetooth/sco.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.131",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.168",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.131",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.80",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.21",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold\n\nsco_recv_frame() reads conn-\u003esk under sco_conn_lock() but immediately\nreleases the lock without holding a reference to the socket. A concurrent\nclose() can free the socket between the lock release and the subsequent\nsk-\u003esk_state access, resulting in a use-after-free.\n\nOther functions in the same file (sco_sock_timeout(), sco_conn_del())\ncorrectly use sco_sock_hold() to safely hold a reference under the lock.\n\nFix by using sco_sock_hold() to take a reference before releasing the\nlock, and adding sock_put() on all exit paths."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:08:07.990Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d57384e27d1ebf0047e3f00a6e1181b8be9857a2"
},
{
"url": "https://git.kernel.org/stable/c/b0a7da0e3f7442545f071499beb36374714bb9de"
},
{
"url": "https://git.kernel.org/stable/c/45aaca995e4a7a05b272a58e7ab2fff4f611b8f1"
},
{
"url": "https://git.kernel.org/stable/c/108b81514d8f2535eb16651495cefb2250528db3"
},
{
"url": "https://git.kernel.org/stable/c/7197462e90b8ce15caa1ae15d4bc2bb8cd21b11e"
},
{
"url": "https://git.kernel.org/stable/c/e76e8f0581ef555eacc11dbb095e602fb30a5361"
},
{
"url": "https://git.kernel.org/stable/c/598dbba9919c5e36c54fe1709b557d64120cb94b"
}
],
"title": "Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31408",
"datePublished": "2026-04-06T07:38:20.533Z",
"dateReserved": "2026-03-09T15:48:24.086Z",
"dateUpdated": "2026-05-11T22:08:07.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31414 (GCVE-0-2026-31414)
Vulnerability from cvelistv5 – Published: 2026-04-13 13:21 – Updated: 2026-05-11 22:08
VLAI
EPSS
Title
netfilter: nf_conntrack_expect: use expect->helper
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_expect: use expect->helper
Use expect->helper in ctnetlink and /proc to dump the helper name.
Using nfct_help() without holding a reference to the master conntrack
is unsafe.
Use exp->master->helper in ctnetlink path if userspace does not provide
an explicit helper when creating an expectation to retain the existing
behaviour. The ctnetlink expectation path holds the reference on the
master conntrack and nf_conntrack_expect lock and the nfnetlink glue
path refers to the master ct that is attached to the skb.
Severity
9.8 (Critical)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/847cb7fe26c5ce5dc… | |
| https://git.kernel.org/stable/c/e7ccaa0a62a8ff2be… | |
| https://git.kernel.org/stable/c/4bd1b3d839172724b… | |
| https://git.kernel.org/stable/c/b53294bff19e56ada… | |
| https://git.kernel.org/stable/c/3dfd3f7712b5a800f… | |
| https://git.kernel.org/stable/c/f01794106042ee27e… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
ea781f197d6a835cbb93a0bf88ee1696296ed8aa , < 847cb7fe26c5ce5dce0d1a41fac1ea488b7f1781
(git)
Affected: ea781f197d6a835cbb93a0bf88ee1696296ed8aa , < e7ccaa0a62a8ff2be5d521299ce79390c318d306 (git) Affected: ea781f197d6a835cbb93a0bf88ee1696296ed8aa , < 4bd1b3d839172724b33d8d02c5a4ff6a1c775417 (git) Affected: ea781f197d6a835cbb93a0bf88ee1696296ed8aa , < b53294bff19e56ada2f230ceb8b1ffde61cc3817 (git) Affected: ea781f197d6a835cbb93a0bf88ee1696296ed8aa , < 3dfd3f7712b5a800f2ba632179e9b738076a51f0 (git) Affected: ea781f197d6a835cbb93a0bf88ee1696296ed8aa , < f01794106042ee27e54af6fdf5b319a2fe3df94d (git) |
|
| Linux | Linux |
Affected:
2.6.30
Unaffected: 0 , < 2.6.30 (semver) Unaffected: 6.1.168 , ≤ 6.1.* (semver) Unaffected: 6.6.134 , ≤ 6.6.* (semver) Unaffected: 6.12.81 , ≤ 6.12.* (semver) Unaffected: 6.18.22 , ≤ 6.18.* (semver) Unaffected: 6.19.12 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_conntrack_expect.c",
"net/netfilter/nf_conntrack_helper.c",
"net/netfilter/nf_conntrack_netlink.c",
"net/netfilter/nf_conntrack_sip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "847cb7fe26c5ce5dce0d1a41fac1ea488b7f1781",
"status": "affected",
"version": "ea781f197d6a835cbb93a0bf88ee1696296ed8aa",
"versionType": "git"
},
{
"lessThan": "e7ccaa0a62a8ff2be5d521299ce79390c318d306",
"status": "affected",
"version": "ea781f197d6a835cbb93a0bf88ee1696296ed8aa",
"versionType": "git"
},
{
"lessThan": "4bd1b3d839172724b33d8d02c5a4ff6a1c775417",
"status": "affected",
"version": "ea781f197d6a835cbb93a0bf88ee1696296ed8aa",
"versionType": "git"
},
{
"lessThan": "b53294bff19e56ada2f230ceb8b1ffde61cc3817",
"status": "affected",
"version": "ea781f197d6a835cbb93a0bf88ee1696296ed8aa",
"versionType": "git"
},
{
"lessThan": "3dfd3f7712b5a800f2ba632179e9b738076a51f0",
"status": "affected",
"version": "ea781f197d6a835cbb93a0bf88ee1696296ed8aa",
"versionType": "git"
},
{
"lessThan": "f01794106042ee27e54af6fdf5b319a2fe3df94d",
"status": "affected",
"version": "ea781f197d6a835cbb93a0bf88ee1696296ed8aa",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_conntrack_expect.c",
"net/netfilter/nf_conntrack_helper.c",
"net/netfilter/nf_conntrack_netlink.c",
"net/netfilter/nf_conntrack_sip.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.30"
},
{
"lessThan": "2.6.30",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.168",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.134",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.81",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.22",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.12",
"versionStartIncluding": "2.6.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "2.6.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_expect: use expect-\u003ehelper\n\nUse expect-\u003ehelper in ctnetlink and /proc to dump the helper name.\nUsing nfct_help() without holding a reference to the master conntrack\nis unsafe.\n\nUse exp-\u003emaster-\u003ehelper in ctnetlink path if userspace does not provide\nan explicit helper when creating an expectation to retain the existing\nbehaviour. The ctnetlink expectation path holds the reference on the\nmaster conntrack and nf_conntrack_expect lock and the nfnetlink glue\npath refers to the master ct that is attached to the skb."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:08:14.965Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/847cb7fe26c5ce5dce0d1a41fac1ea488b7f1781"
},
{
"url": "https://git.kernel.org/stable/c/e7ccaa0a62a8ff2be5d521299ce79390c318d306"
},
{
"url": "https://git.kernel.org/stable/c/4bd1b3d839172724b33d8d02c5a4ff6a1c775417"
},
{
"url": "https://git.kernel.org/stable/c/b53294bff19e56ada2f230ceb8b1ffde61cc3817"
},
{
"url": "https://git.kernel.org/stable/c/3dfd3f7712b5a800f2ba632179e9b738076a51f0"
},
{
"url": "https://git.kernel.org/stable/c/f01794106042ee27e54af6fdf5b319a2fe3df94d"
}
],
"title": "netfilter: nf_conntrack_expect: use expect-\u003ehelper",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31414",
"datePublished": "2026-04-13T13:21:02.592Z",
"dateReserved": "2026-03-09T15:48:24.087Z",
"dateUpdated": "2026-05-11T22:08:14.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31416 (GCVE-0-2026-31416)
Vulnerability from cvelistv5 – Published: 2026-04-13 13:21 – Updated: 2026-05-23 16:04
VLAI
EPSS
Title
netfilter: nfnetlink_log: account for netlink header size
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_log: account for netlink header size
This is a followup to an old bug fix: NLMSG_DONE needs to account
for the netlink header size, not just the attribute size.
This can result in a WARN splat + drop of the netlink message,
but other than this there are no ill effects.
Severity
No CVSS data available.
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/4ec216410fac9de83… | |
| https://git.kernel.org/stable/c/09883bf257f4243ed… | |
| https://git.kernel.org/stable/c/761b45c661af48da6… | |
| https://git.kernel.org/stable/c/607245c4dbb86d9a1… | |
| https://git.kernel.org/stable/c/6b419700e459fbf70… | |
| https://git.kernel.org/stable/c/88a8f56e6276f616b… | |
| https://git.kernel.org/stable/c/f08ffa3e1c8e36b61… | |
| https://git.kernel.org/stable/c/6d52a4a0520a6696b… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9dfa1dfe4d5e5e66a991321ab08afe69759d797a , < 4ec216410fac9de83c99177a160ebb8d42fad075
(git)
Affected: 9dfa1dfe4d5e5e66a991321ab08afe69759d797a , < 09883bf257f4243ed5a1fd35078ec6f0d0f3696a (git) Affected: 9dfa1dfe4d5e5e66a991321ab08afe69759d797a , < 761b45c661af48da6a065868d59ab1e1f64fd9b6 (git) Affected: 9dfa1dfe4d5e5e66a991321ab08afe69759d797a , < 607245c4dbb86d9a10dd8388da0fb82170a99b61 (git) Affected: 9dfa1dfe4d5e5e66a991321ab08afe69759d797a , < 6b419700e459fbf707ca1543b7c1b57a60fedb73 (git) Affected: 9dfa1dfe4d5e5e66a991321ab08afe69759d797a , < 88a8f56e6276f616baad4274c6b8e4683e26e520 (git) Affected: 9dfa1dfe4d5e5e66a991321ab08afe69759d797a , < f08ffa3e1c8e36b6131f69c5eb23700c28cbd262 (git) Affected: 9dfa1dfe4d5e5e66a991321ab08afe69759d797a , < 6d52a4a0520a6696bdde51caa11f2d6821cd0c01 (git) Affected: 3a758a2b78da2f49f7165678faf999e946a0c4b5 (git) Affected: 131172845aa2c804ffa9423455aee585061ea35e (git) Affected: b1fef6b81871a396f3b8702077333e769673c87b (git) Affected: add9183d993c12fb61ce0a674a424341d5be5b36 (git) Affected: 3.10.61 , < 3.11 (semver) Affected: 3.12.34 , < 3.13 (semver) Affected: 3.14.25 , < 3.15 (semver) Affected: 3.17.4 , < 3.18 (semver) |
|
| Linux | Linux |
Affected:
3.18
Unaffected: 0 , < 3.18 (semver) Unaffected: 5.10.253 , ≤ 5.10.* (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.168 , ≤ 6.1.* (semver) Unaffected: 6.6.134 , ≤ 6.6.* (semver) Unaffected: 6.12.81 , ≤ 6.12.* (semver) Unaffected: 6.18.22 , ≤ 6.18.* (semver) Unaffected: 6.19.12 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nfnetlink_log.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4ec216410fac9de83c99177a160ebb8d42fad075",
"status": "affected",
"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a",
"versionType": "git"
},
{
"lessThan": "09883bf257f4243ed5a1fd35078ec6f0d0f3696a",
"status": "affected",
"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a",
"versionType": "git"
},
{
"lessThan": "761b45c661af48da6a065868d59ab1e1f64fd9b6",
"status": "affected",
"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a",
"versionType": "git"
},
{
"lessThan": "607245c4dbb86d9a10dd8388da0fb82170a99b61",
"status": "affected",
"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a",
"versionType": "git"
},
{
"lessThan": "6b419700e459fbf707ca1543b7c1b57a60fedb73",
"status": "affected",
"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a",
"versionType": "git"
},
{
"lessThan": "88a8f56e6276f616baad4274c6b8e4683e26e520",
"status": "affected",
"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a",
"versionType": "git"
},
{
"lessThan": "f08ffa3e1c8e36b6131f69c5eb23700c28cbd262",
"status": "affected",
"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a",
"versionType": "git"
},
{
"lessThan": "6d52a4a0520a6696bdde51caa11f2d6821cd0c01",
"status": "affected",
"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a",
"versionType": "git"
},
{
"status": "affected",
"version": "3a758a2b78da2f49f7165678faf999e946a0c4b5",
"versionType": "git"
},
{
"status": "affected",
"version": "131172845aa2c804ffa9423455aee585061ea35e",
"versionType": "git"
},
{
"status": "affected",
"version": "b1fef6b81871a396f3b8702077333e769673c87b",
"versionType": "git"
},
{
"status": "affected",
"version": "add9183d993c12fb61ce0a674a424341d5be5b36",
"versionType": "git"
},
{
"lessThan": "3.11",
"status": "affected",
"version": "3.10.61",
"versionType": "semver"
},
{
"lessThan": "3.13",
"status": "affected",
"version": "3.12.34",
"versionType": "semver"
},
{
"lessThan": "3.15",
"status": "affected",
"version": "3.14.25",
"versionType": "semver"
},
{
"lessThan": "3.18",
"status": "affected",
"version": "3.17.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nfnetlink_log.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.168",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.134",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.81",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.22",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.12",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.12.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.14.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_log: account for netlink header size\n\nThis is a followup to an old bug fix: NLMSG_DONE needs to account\nfor the netlink header size, not just the attribute size.\n\nThis can result in a WARN splat + drop of the netlink message,\nbut other than this there are no ill effects."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:04:56.281Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ec216410fac9de83c99177a160ebb8d42fad075"
},
{
"url": "https://git.kernel.org/stable/c/09883bf257f4243ed5a1fd35078ec6f0d0f3696a"
},
{
"url": "https://git.kernel.org/stable/c/761b45c661af48da6a065868d59ab1e1f64fd9b6"
},
{
"url": "https://git.kernel.org/stable/c/607245c4dbb86d9a10dd8388da0fb82170a99b61"
},
{
"url": "https://git.kernel.org/stable/c/6b419700e459fbf707ca1543b7c1b57a60fedb73"
},
{
"url": "https://git.kernel.org/stable/c/88a8f56e6276f616baad4274c6b8e4683e26e520"
},
{
"url": "https://git.kernel.org/stable/c/f08ffa3e1c8e36b6131f69c5eb23700c28cbd262"
},
{
"url": "https://git.kernel.org/stable/c/6d52a4a0520a6696bdde51caa11f2d6821cd0c01"
}
],
"title": "netfilter: nfnetlink_log: account for netlink header size",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31416",
"datePublished": "2026-04-13T13:21:03.974Z",
"dateReserved": "2026-03-09T15:48:24.087Z",
"dateUpdated": "2026-05-23T16:04:56.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31417 (GCVE-0-2026-31417)
Vulnerability from cvelistv5 – Published: 2026-04-13 13:21 – Updated: 2026-05-11 22:08
VLAI
EPSS
Title
net/x25: Fix overflow when accumulating packets
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/x25: Fix overflow when accumulating packets
Add a check to ensure that `x25_sock.fraglen` does not overflow.
The `fraglen` also needs to be resetted when purging `fragment_queue` in
`x25_clear_queues()`.
Severity
7.5 (High)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/96fc16370b0bceb28… | |
| https://git.kernel.org/stable/c/798d613afb64b01a2… | |
| https://git.kernel.org/stable/c/6e568835ea54a3e1d… | |
| https://git.kernel.org/stable/c/1734bd85c5e0a7a80… | |
| https://git.kernel.org/stable/c/4e2d1bcef78d21247… | |
| https://git.kernel.org/stable/c/8c92969c197b91c13… | |
| https://git.kernel.org/stable/c/f953f11ccf4afe6fe… | |
| https://git.kernel.org/stable/c/a1822cb524e89b4cd… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 96fc16370b0bceb289c7e0479bd0540b81e257aa
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 798d613afb64b01a203f448fb0f43c37c6afe79d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6e568835ea54a3e1d08e310e34f95d434e739477 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1734bd85c5e0a7a801295b729efb56b009cb8fc3 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4e2d1bcef78d21247fe8fef13bc7ed95885df2b5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8c92969c197b91c134be27dc3afb64ab468853a9 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f953f11ccf4afe6feb635c08145f4240d9a6b544 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a1822cb524e89b4cd2cf0b82e484a2335496a6d9 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.10.253 , ≤ 5.10.* (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.168 , ≤ 6.1.* (semver) Unaffected: 6.6.134 , ≤ 6.6.* (semver) Unaffected: 6.12.81 , ≤ 6.12.* (semver) Unaffected: 6.18.22 , ≤ 6.18.* (semver) Unaffected: 6.19.12 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/x25/x25_in.c",
"net/x25/x25_subr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "96fc16370b0bceb289c7e0479bd0540b81e257aa",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "798d613afb64b01a203f448fb0f43c37c6afe79d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "6e568835ea54a3e1d08e310e34f95d434e739477",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "1734bd85c5e0a7a801295b729efb56b009cb8fc3",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4e2d1bcef78d21247fe8fef13bc7ed95885df2b5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8c92969c197b91c134be27dc3afb64ab468853a9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "f953f11ccf4afe6feb635c08145f4240d9a6b544",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a1822cb524e89b4cd2cf0b82e484a2335496a6d9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/x25/x25_in.c",
"net/x25/x25_subr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.168",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.134",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.81",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.22",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/x25: Fix overflow when accumulating packets\n\nAdd a check to ensure that `x25_sock.fraglen` does not overflow.\n\nThe `fraglen` also needs to be resetted when purging `fragment_queue` in\n`x25_clear_queues()`."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:08:18.396Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/96fc16370b0bceb289c7e0479bd0540b81e257aa"
},
{
"url": "https://git.kernel.org/stable/c/798d613afb64b01a203f448fb0f43c37c6afe79d"
},
{
"url": "https://git.kernel.org/stable/c/6e568835ea54a3e1d08e310e34f95d434e739477"
},
{
"url": "https://git.kernel.org/stable/c/1734bd85c5e0a7a801295b729efb56b009cb8fc3"
},
{
"url": "https://git.kernel.org/stable/c/4e2d1bcef78d21247fe8fef13bc7ed95885df2b5"
},
{
"url": "https://git.kernel.org/stable/c/8c92969c197b91c134be27dc3afb64ab468853a9"
},
{
"url": "https://git.kernel.org/stable/c/f953f11ccf4afe6feb635c08145f4240d9a6b544"
},
{
"url": "https://git.kernel.org/stable/c/a1822cb524e89b4cd2cf0b82e484a2335496a6d9"
}
],
"title": "net/x25: Fix overflow when accumulating packets",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31417",
"datePublished": "2026-04-13T13:21:04.638Z",
"dateReserved": "2026-03-09T15:48:24.087Z",
"dateUpdated": "2026-05-11T22:08:18.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31418 (GCVE-0-2026-31418)
Vulnerability from cvelistv5 – Published: 2026-04-13 13:21 – Updated: 2026-05-23 16:04
VLAI
EPSS
Title
netfilter: ipset: drop logically empty buckets in mtype_del
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: drop logically empty buckets in mtype_del
mtype_del() counts empty slots below n->pos in k, but it only drops the
bucket when both n->pos and k are zero. This misses buckets whose live
entries have all been removed while n->pos still points past deleted slots.
Treat a bucket as empty when all positions below n->pos are unused and
release it directly instead of shrinking it further.
Severity
No CVSS data available.
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/c098ff857e7ca9235… | |
| https://git.kernel.org/stable/c/58f3a14826d4e6b0d… | |
| https://git.kernel.org/stable/c/ad92ee87462f9a306… | |
| https://git.kernel.org/stable/c/6cea34d7ec6829b62… | |
| https://git.kernel.org/stable/c/b7eef00f08b92b0b9… | |
| https://git.kernel.org/stable/c/68ca0eea0af02bed3… | |
| https://git.kernel.org/stable/c/ceacaa76f221a6577… | |
| https://git.kernel.org/stable/c/9862ef9ab0a116c6d… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8af1c6fbd9239877998c7f5a591cb2c88d41fb66 , < c098ff857e7ca923539164af5b3c2fe3e8f8afaf
(git)
Affected: 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 , < 58f3a14826d4e6b0d5421f1a64be280b48601ea2 (git) Affected: 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 , < ad92ee87462f9a3061361d392e9dbfe2e5c1c9fb (git) Affected: 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 , < 6cea34d7ec6829b62f521a37a287f670144a2233 (git) Affected: 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 , < b7eef00f08b92b0b9efe8ae0df6d0005e6199323 (git) Affected: 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 , < 68ca0eea0af02bed36c5e2c13e9fa1647c31a7d4 (git) Affected: 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 , < ceacaa76f221a6577aba945bb8873c2e640aeba4 (git) Affected: 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 , < 9862ef9ab0a116c6dca98842aab7de13a252ae02 (git) Affected: 6c717726f341fd8f39a3ec2dcf5d98d9d28a2769 (git) Affected: d2997d64dfa65082236bca1efd596b6c935daf5e (git) Affected: 5.4.24 , < 5.5 (semver) Affected: 5.5.8 , < 5.6 (semver) |
|
| Linux | Linux |
Affected:
5.6
Unaffected: 0 , < 5.6 (semver) Unaffected: 5.10.253 , ≤ 5.10.* (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.168 , ≤ 6.1.* (semver) Unaffected: 6.6.134 , ≤ 6.6.* (semver) Unaffected: 6.12.81 , ≤ 6.12.* (semver) Unaffected: 6.18.22 , ≤ 6.18.* (semver) Unaffected: 6.19.12 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/ipset/ip_set_hash_gen.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c098ff857e7ca923539164af5b3c2fe3e8f8afaf",
"status": "affected",
"version": "8af1c6fbd9239877998c7f5a591cb2c88d41fb66",
"versionType": "git"
},
{
"lessThan": "58f3a14826d4e6b0d5421f1a64be280b48601ea2",
"status": "affected",
"version": "8af1c6fbd9239877998c7f5a591cb2c88d41fb66",
"versionType": "git"
},
{
"lessThan": "ad92ee87462f9a3061361d392e9dbfe2e5c1c9fb",
"status": "affected",
"version": "8af1c6fbd9239877998c7f5a591cb2c88d41fb66",
"versionType": "git"
},
{
"lessThan": "6cea34d7ec6829b62f521a37a287f670144a2233",
"status": "affected",
"version": "8af1c6fbd9239877998c7f5a591cb2c88d41fb66",
"versionType": "git"
},
{
"lessThan": "b7eef00f08b92b0b9efe8ae0df6d0005e6199323",
"status": "affected",
"version": "8af1c6fbd9239877998c7f5a591cb2c88d41fb66",
"versionType": "git"
},
{
"lessThan": "68ca0eea0af02bed36c5e2c13e9fa1647c31a7d4",
"status": "affected",
"version": "8af1c6fbd9239877998c7f5a591cb2c88d41fb66",
"versionType": "git"
},
{
"lessThan": "ceacaa76f221a6577aba945bb8873c2e640aeba4",
"status": "affected",
"version": "8af1c6fbd9239877998c7f5a591cb2c88d41fb66",
"versionType": "git"
},
{
"lessThan": "9862ef9ab0a116c6dca98842aab7de13a252ae02",
"status": "affected",
"version": "8af1c6fbd9239877998c7f5a591cb2c88d41fb66",
"versionType": "git"
},
{
"status": "affected",
"version": "6c717726f341fd8f39a3ec2dcf5d98d9d28a2769",
"versionType": "git"
},
{
"status": "affected",
"version": "d2997d64dfa65082236bca1efd596b6c935daf5e",
"versionType": "git"
},
{
"lessThan": "5.5",
"status": "affected",
"version": "5.4.24",
"versionType": "semver"
},
{
"lessThan": "5.6",
"status": "affected",
"version": "5.5.8",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/ipset/ip_set_hash_gen.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.168",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.134",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.81",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.22",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.12",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: drop logically empty buckets in mtype_del\n\nmtype_del() counts empty slots below n-\u003epos in k, but it only drops the\nbucket when both n-\u003epos and k are zero. This misses buckets whose live\nentries have all been removed while n-\u003epos still points past deleted slots.\n\nTreat a bucket as empty when all positions below n-\u003epos are unused and\nrelease it directly instead of shrinking it further."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:04:57.387Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c098ff857e7ca923539164af5b3c2fe3e8f8afaf"
},
{
"url": "https://git.kernel.org/stable/c/58f3a14826d4e6b0d5421f1a64be280b48601ea2"
},
{
"url": "https://git.kernel.org/stable/c/ad92ee87462f9a3061361d392e9dbfe2e5c1c9fb"
},
{
"url": "https://git.kernel.org/stable/c/6cea34d7ec6829b62f521a37a287f670144a2233"
},
{
"url": "https://git.kernel.org/stable/c/b7eef00f08b92b0b9efe8ae0df6d0005e6199323"
},
{
"url": "https://git.kernel.org/stable/c/68ca0eea0af02bed36c5e2c13e9fa1647c31a7d4"
},
{
"url": "https://git.kernel.org/stable/c/ceacaa76f221a6577aba945bb8873c2e640aeba4"
},
{
"url": "https://git.kernel.org/stable/c/9862ef9ab0a116c6dca98842aab7de13a252ae02"
}
],
"title": "netfilter: ipset: drop logically empty buckets in mtype_del",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31418",
"datePublished": "2026-04-13T13:21:05.316Z",
"dateReserved": "2026-03-09T15:48:24.087Z",
"dateUpdated": "2026-05-23T16:04:57.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31421 (GCVE-0-2026-31421)
Vulnerability from cvelistv5 – Published: 2026-04-13 13:40 – Updated: 2026-05-11 22:08
VLAI
EPSS
Title
net/sched: cls_fw: fix NULL pointer dereference on shared blocks
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_fw: fix NULL pointer dereference on shared blocks
The old-method path in fw_classify() calls tcf_block_q() and
dereferences q->handle. Shared blocks leave block->q NULL, causing a
NULL deref when an empty cls_fw filter is attached to a shared block
and a packet with a nonzero major skb mark is classified.
Reject the configuration in fw_change() when the old method (no
TCA_OPTIONS) is used on a shared block, since fw_classify()'s
old-method path needs block->q which is NULL for shared blocks.
The fixed null-ptr-deref calling stack:
KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]
RIP: 0010:fw_classify (net/sched/cls_fw.c:81)
Call Trace:
tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1764 net/sched/cls_api.c:1860)
tc_run (net/core/dev.c:4401)
__dev_queue_xmit (net/core/dev.c:4535 net/core/dev.c:4790)
Severity
No CVSS data available.
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/d6d5bd62a09650856… | |
| https://git.kernel.org/stable/c/febf64ca79a2d6540… | |
| https://git.kernel.org/stable/c/3d41f9a314afa94b1… | |
| https://git.kernel.org/stable/c/18328eff2f97d1a6a… | |
| https://git.kernel.org/stable/c/5cf41031922c154aa… | |
| https://git.kernel.org/stable/c/3cb055df9e8625ce6… | |
| https://git.kernel.org/stable/c/96426c348def662b0… | |
| https://git.kernel.org/stable/c/faeea8bbf6e958bf3… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1abf272022cf1d18469405f47b4ec49c6a3125db , < d6d5bd62a09650856e1e2010eb09853eba0d64e1
(git)
Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < febf64ca79a2d6540ab6e5e197fa0f4f7e84473e (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < 3d41f9a314afa94b1c7c7c75405920123220e8cd (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < 18328eff2f97d1a6adcdb6d4a0f42f2f83a31e28 (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < 5cf41031922c154aa5ccda8bcdb0f5e6226582ec (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < 3cb055df9e8625ce699a259d8178d67b37f2b160 (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < 96426c348def662b06bfdc65be3002905604927a (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < faeea8bbf6e958bf3c00cb08263109661975987c (git) |
|
| Linux | Linux |
Affected:
4.15
Unaffected: 0 , < 4.15 (semver) Unaffected: 5.10.253 , ≤ 5.10.* (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.168 , ≤ 6.1.* (semver) Unaffected: 6.6.134 , ≤ 6.6.* (semver) Unaffected: 6.12.81 , ≤ 6.12.* (semver) Unaffected: 6.18.22 , ≤ 6.18.* (semver) Unaffected: 6.19.12 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/cls_fw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d6d5bd62a09650856e1e2010eb09853eba0d64e1",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "febf64ca79a2d6540ab6e5e197fa0f4f7e84473e",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "3d41f9a314afa94b1c7c7c75405920123220e8cd",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "18328eff2f97d1a6adcdb6d4a0f42f2f83a31e28",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "5cf41031922c154aa5ccda8bcdb0f5e6226582ec",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "3cb055df9e8625ce699a259d8178d67b37f2b160",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "96426c348def662b06bfdc65be3002905604927a",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "faeea8bbf6e958bf3c00cb08263109661975987c",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/cls_fw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.168",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.134",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.81",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.22",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.12",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_fw: fix NULL pointer dereference on shared blocks\n\nThe old-method path in fw_classify() calls tcf_block_q() and\ndereferences q-\u003ehandle. Shared blocks leave block-\u003eq NULL, causing a\nNULL deref when an empty cls_fw filter is attached to a shared block\nand a packet with a nonzero major skb mark is classified.\n\nReject the configuration in fw_change() when the old method (no\nTCA_OPTIONS) is used on a shared block, since fw_classify()\u0027s\nold-method path needs block-\u003eq which is NULL for shared blocks.\n\nThe fixed null-ptr-deref calling stack:\n KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\n RIP: 0010:fw_classify (net/sched/cls_fw.c:81)\n Call Trace:\n tcf_classify (./include/net/tc_wrapper.h:197 net/sched/cls_api.c:1764 net/sched/cls_api.c:1860)\n tc_run (net/core/dev.c:4401)\n __dev_queue_xmit (net/core/dev.c:4535 net/core/dev.c:4790)"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:08:22.956Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d6d5bd62a09650856e1e2010eb09853eba0d64e1"
},
{
"url": "https://git.kernel.org/stable/c/febf64ca79a2d6540ab6e5e197fa0f4f7e84473e"
},
{
"url": "https://git.kernel.org/stable/c/3d41f9a314afa94b1c7c7c75405920123220e8cd"
},
{
"url": "https://git.kernel.org/stable/c/18328eff2f97d1a6adcdb6d4a0f42f2f83a31e28"
},
{
"url": "https://git.kernel.org/stable/c/5cf41031922c154aa5ccda8bcdb0f5e6226582ec"
},
{
"url": "https://git.kernel.org/stable/c/3cb055df9e8625ce699a259d8178d67b37f2b160"
},
{
"url": "https://git.kernel.org/stable/c/96426c348def662b06bfdc65be3002905604927a"
},
{
"url": "https://git.kernel.org/stable/c/faeea8bbf6e958bf3c00cb08263109661975987c"
}
],
"title": "net/sched: cls_fw: fix NULL pointer dereference on shared blocks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31421",
"datePublished": "2026-04-13T13:40:25.278Z",
"dateReserved": "2026-03-09T15:48:24.088Z",
"dateUpdated": "2026-05-11T22:08:22.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31422 (GCVE-0-2026-31422)
Vulnerability from cvelistv5 – Published: 2026-04-13 13:40 – Updated: 2026-05-11 22:08
VLAI
EPSS
Title
net/sched: cls_flow: fix NULL pointer dereference on shared blocks
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: cls_flow: fix NULL pointer dereference on shared blocks
flow_change() calls tcf_block_q() and dereferences q->handle to derive
a default baseclass. Shared blocks leave block->q NULL, causing a NULL
deref when a flow filter without a fully qualified baseclass is created
on a shared block.
Check tcf_block_shared() before accessing block->q and return -EINVAL
for shared blocks. This avoids the null-deref shown below:
=======================================================================
KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]
RIP: 0010:flow_change (net/sched/cls_flow.c:508)
Call Trace:
tc_new_tfilter (net/sched/cls_api.c:2432)
rtnetlink_rcv_msg (net/core/rtnetlink.c:6980)
[...]
=======================================================================
Severity
No CVSS data available.
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/57f94ac7e953eece5… | |
| https://git.kernel.org/stable/c/942813276edeb1741… | |
| https://git.kernel.org/stable/c/cc707a4fd4c3b6ab2… | |
| https://git.kernel.org/stable/c/4a09f72007201c9f6… | |
| https://git.kernel.org/stable/c/9bf5fc36a43f7b8b5… | |
| https://git.kernel.org/stable/c/a208c3e1232997e93… | |
| https://git.kernel.org/stable/c/415ea0c973c754b9f… | |
| https://git.kernel.org/stable/c/1a280dd4bd1d616a0… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1abf272022cf1d18469405f47b4ec49c6a3125db , < 57f94ac7e953eece5ed4819605a18f3cdfc63dcc
(git)
Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < 942813276edeb1741fa5b0a73471beb4e495fa08 (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < cc707a4fd4c3b6ab2722e06bc359aa010e13d408 (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < 4a09f72007201c9f667dc47f64517ec23eea65e5 (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < 9bf5fc36a43f7b8b5507c96e74fb81f1e8b4957e (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < a208c3e1232997e9317887294c20008dfcb75449 (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < 415ea0c973c754b9f375225807810eb9045f4293 (git) Affected: 1abf272022cf1d18469405f47b4ec49c6a3125db , < 1a280dd4bd1d616a01d6ffe0de284c907b555504 (git) |
|
| Linux | Linux |
Affected:
4.15
Unaffected: 0 , < 4.15 (semver) Unaffected: 5.10.253 , ≤ 5.10.* (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.168 , ≤ 6.1.* (semver) Unaffected: 6.6.134 , ≤ 6.6.* (semver) Unaffected: 6.12.81 , ≤ 6.12.* (semver) Unaffected: 6.18.22 , ≤ 6.18.* (semver) Unaffected: 6.19.12 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/cls_flow.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "57f94ac7e953eece5ed4819605a18f3cdfc63dcc",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "942813276edeb1741fa5b0a73471beb4e495fa08",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "cc707a4fd4c3b6ab2722e06bc359aa010e13d408",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "4a09f72007201c9f667dc47f64517ec23eea65e5",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "9bf5fc36a43f7b8b5507c96e74fb81f1e8b4957e",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "a208c3e1232997e9317887294c20008dfcb75449",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "415ea0c973c754b9f375225807810eb9045f4293",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
},
{
"lessThan": "1a280dd4bd1d616a01d6ffe0de284c907b555504",
"status": "affected",
"version": "1abf272022cf1d18469405f47b4ec49c6a3125db",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/cls_flow.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.168",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.134",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.81",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.22",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.12",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_flow: fix NULL pointer dereference on shared blocks\n\nflow_change() calls tcf_block_q() and dereferences q-\u003ehandle to derive\na default baseclass. Shared blocks leave block-\u003eq NULL, causing a NULL\nderef when a flow filter without a fully qualified baseclass is created\non a shared block.\n\nCheck tcf_block_shared() before accessing block-\u003eq and return -EINVAL\nfor shared blocks. This avoids the null-deref shown below:\n\n=======================================================================\nKASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]\nRIP: 0010:flow_change (net/sched/cls_flow.c:508)\nCall Trace:\n tc_new_tfilter (net/sched/cls_api.c:2432)\n rtnetlink_rcv_msg (net/core/rtnetlink.c:6980)\n [...]\n======================================================================="
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:08:24.111Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/57f94ac7e953eece5ed4819605a18f3cdfc63dcc"
},
{
"url": "https://git.kernel.org/stable/c/942813276edeb1741fa5b0a73471beb4e495fa08"
},
{
"url": "https://git.kernel.org/stable/c/cc707a4fd4c3b6ab2722e06bc359aa010e13d408"
},
{
"url": "https://git.kernel.org/stable/c/4a09f72007201c9f667dc47f64517ec23eea65e5"
},
{
"url": "https://git.kernel.org/stable/c/9bf5fc36a43f7b8b5507c96e74fb81f1e8b4957e"
},
{
"url": "https://git.kernel.org/stable/c/a208c3e1232997e9317887294c20008dfcb75449"
},
{
"url": "https://git.kernel.org/stable/c/415ea0c973c754b9f375225807810eb9045f4293"
},
{
"url": "https://git.kernel.org/stable/c/1a280dd4bd1d616a01d6ffe0de284c907b555504"
}
],
"title": "net/sched: cls_flow: fix NULL pointer dereference on shared blocks",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31422",
"datePublished": "2026-04-13T13:40:25.911Z",
"dateReserved": "2026-03-09T15:48:24.088Z",
"dateUpdated": "2026-05-11T22:08:24.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31423 (GCVE-0-2026-31423)
Vulnerability from cvelistv5 – Published: 2026-04-13 13:40 – Updated: 2026-05-11 22:08
VLAI
EPSS
Title
net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
m2sm() converts a u32 slope to a u64 scaled value. For large inputs
(e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores
the difference of two such u64 values in a u32 variable `dsm` and
uses it as a divisor. When the difference is exactly 2^32 the
truncation yields zero, causing a divide-by-zero oops in the
concave-curve intersection path:
Oops: divide error: 0000
RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601)
Call Trace:
init_ed (net/sched/sch_hfsc.c:629)
hfsc_enqueue (net/sched/sch_hfsc.c:1569)
[...]
Widen `dsm` to u64 and replace do_div() with div64_u64() so the full
difference is preserved.
Severity
No CVSS data available.
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://git.kernel.org/stable/c/ad8e8fec40290a8c8… | |
| https://git.kernel.org/stable/c/ab1ff5890c7354afc… | |
| https://git.kernel.org/stable/c/25b6821884713a31e… | |
| https://git.kernel.org/stable/c/c56f78614e7781aac… | |
| https://git.kernel.org/stable/c/b9e6431cbea8bb1fa… | |
| https://git.kernel.org/stable/c/17c1b9807b8a67d67… | |
| https://git.kernel.org/stable/c/d0aefec1b1a1ba2c1… | |
| https://git.kernel.org/stable/c/4576100b8cd031182… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ad8e8fec40290a8c8cf145c0deaadf76f80c5163
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ab1ff5890c7354afc7be56502fcfbd61f3b7ae4f (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 25b6821884713a31e2b49fb67b0ebd765b33e0a9 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c56f78614e7781aaceca9bd3cb2128bf7d45c3bd (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b9e6431cbea8bb1fae8069ed099b4ee100499835 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 17c1b9807b8a67d676b6dcf749ee932ebaa7f568 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4576100b8cd03118267513cafacde164b498b322 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.10.253 , ≤ 5.10.* (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.168 , ≤ 6.1.* (semver) Unaffected: 6.6.134 , ≤ 6.6.* (semver) Unaffected: 6.12.81 , ≤ 6.12.* (semver) Unaffected: 6.18.22 , ≤ 6.18.* (semver) Unaffected: 6.19.12 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_hfsc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ad8e8fec40290a8c8cf145c0deaadf76f80c5163",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ab1ff5890c7354afc7be56502fcfbd61f3b7ae4f",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "25b6821884713a31e2b49fb67b0ebd765b33e0a9",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c56f78614e7781aaceca9bd3cb2128bf7d45c3bd",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b9e6431cbea8bb1fae8069ed099b4ee100499835",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "17c1b9807b8a67d676b6dcf749ee932ebaa7f568",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "4576100b8cd03118267513cafacde164b498b322",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_hfsc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.168",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.134",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.81",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.22",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.12",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_hfsc: fix divide-by-zero in rtsc_min()\n\nm2sm() converts a u32 slope to a u64 scaled value. For large inputs\n(e.g. m1=4000000000), the result can reach 2^32. rtsc_min() stores\nthe difference of two such u64 values in a u32 variable `dsm` and\nuses it as a divisor. When the difference is exactly 2^32 the\ntruncation yields zero, causing a divide-by-zero oops in the\nconcave-curve intersection path:\n\n Oops: divide error: 0000\n RIP: 0010:rtsc_min (net/sched/sch_hfsc.c:601)\n Call Trace:\n init_ed (net/sched/sch_hfsc.c:629)\n hfsc_enqueue (net/sched/sch_hfsc.c:1569)\n [...]\n\nWiden `dsm` to u64 and replace do_div() with div64_u64() so the full\ndifference is preserved."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:08:25.251Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad8e8fec40290a8c8cf145c0deaadf76f80c5163"
},
{
"url": "https://git.kernel.org/stable/c/ab1ff5890c7354afc7be56502fcfbd61f3b7ae4f"
},
{
"url": "https://git.kernel.org/stable/c/25b6821884713a31e2b49fb67b0ebd765b33e0a9"
},
{
"url": "https://git.kernel.org/stable/c/c56f78614e7781aaceca9bd3cb2128bf7d45c3bd"
},
{
"url": "https://git.kernel.org/stable/c/b9e6431cbea8bb1fae8069ed099b4ee100499835"
},
{
"url": "https://git.kernel.org/stable/c/17c1b9807b8a67d676b6dcf749ee932ebaa7f568"
},
{
"url": "https://git.kernel.org/stable/c/d0aefec1b1a1ba2c1d251028dc2c4e5b4ce1fea5"
},
{
"url": "https://git.kernel.org/stable/c/4576100b8cd03118267513cafacde164b498b322"
}
],
"title": "net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31423",
"datePublished": "2026-04-13T13:40:26.567Z",
"dateReserved": "2026-03-09T15:48:24.088Z",
"dateUpdated": "2026-05-11T22:08:25.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…