CVE-2026-31428 netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: fix uninitialized padding leak in NFULAPAYLOAD buildpacketmessage manually constructs the NFULAPAYLOAD netlink attribute using skbput and skbcopybits, bypassing the standard nlareserve/nlaput helpers. Whi...

CVE-2026-31428

CVE-2026-31428 — In the Linux kernel, nfnetlink_log’s __build_packet_message() previously built NFULA_PAYLOAD attributes manually via skb_put()/skb_copy_bits(), bypassing nla_reserve()/nla_put(). This caused trailing padding to remain uninitialized, leaking stale heap data to userspace over NFLOG...

CVE-2026-31428

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: fix uninitialized padding leak in NFULAPAYLOAD buildpacketmessage manually constructs the NFULAPAYLOAD netlink attribute using skbput and skbcopybits, bypassing the standard nlareserve/nlaput helpers. Whi...

CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic

In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic brmrpstarttest and brmrpstartintest accept the user-supplied interval value from netlink without validation. When interval is 0, usecstojiffies0 yields 0, causing the...

CVE-2026-31420

CVE-2026-31420 affects Linux kernel bridge MRP interval handling. Vulerability arises when br_mrp_start_test/br_mrp_start_in_test accept a user-supplied interval from netlink with no validation; if interval is 0, the delay becomes zero and a tight loop can exhaust memory, causing an OOM kernel pa...

CVE-2026-31416

CVE-2026-31416 (Linux kernel) : Affected component is netfilter nfnetlink_log. The issue is caused by not accounting for the netlink header size when processing NL messages, which can lead to a WARN splat and potential drop of the affected netlink message, with no other ill effects reported in th...

CVE-2026-31416 netfilter: nfnetlink_log: account for netlink header size

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: account for netlink header size This is a followup to an old bug fix: NLMSGDONE needs to account for the netlink header size, not just the attribute size. This can result in a WARN splat + drop of the...

CVE-2026-31416

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: account for netlink header size This is a followup to an old bug fix: NLMSGDONE needs to account for the netlink header size, not just the attribute size. This can result in a WARN splat + drop of the...

CVE-2026-31416

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: account for netlink header size This is a followup to an old bug fix: NLMSGDONE needs to account for the netlink header size, not just the attribute size. This can result in a WARN splat + drop of the...

CVE-2026-31416

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinklog: account for netlink header size This is a followup to an old bug fix: NLMSGDONE needs to account for the netlink header size, not just the attribute size. This can result in a WARN splat + drop of the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from not considering the size of the netlink header. This vulnerability may cause netlink messages to ...

PT-2026-32346

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The bridge MRP component fails to validate user-supplied interval values from netlink in the br mrp start test, br mrp start in test, and br mrp start in test parse functions. When an...

Linux Distros Unpatched Vulnerability : CVE-2026-31420

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bridge: mrp: reject zero test interval to avoid OOM panic brmrpstarttest and brmrpstartintest accept the user-supplied interval value from netlink without...

PT-2026-32354

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the netfilter nfnetlink log component allows the leak of stale heap contents to userspace via the NFLOG netlink socket. The function build packet message manually constructs th...

PT-2026-32342

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter nfnetlink log component where the NLMSG DONE does not properly account for the netlink header size, considering only the attribute size. This can lead to...

Linux Distros Unpatched Vulnerability : CVE-2026-31416

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfnetlinklog: account for netlink header size This is a followup to an old bug fix: NLMSGDONE needs to account for the netlink header size, not just...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006775)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006775 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6dumpdone. syzkaller reported infinite recursive calls of...

netfilter: conntrack: add missing netlink policy validations

...

CVE-2025-52909

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 2 of 2...

ROS-20260407-73-0019

A vulnerability in the net/netlink/afnetlink.c component of the Linux kernel is related to incorrect input of data used as a condition for loop execution. Exploitation of the vulnerability allows an attacker to cause a denial of service...