CVE-2026-31674

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the ip6trt module. This vulnerability occurs when processing IPv6 routing header RT match rules with an oversized address number addrnr. A local attacker could exploit this by crafting a malicious netfilter rule,...

netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()

...

CVE-2026-31674

The CVE-2026-31674 issue affects the Linux kernel netfilter ip6t_rt module, where processing IPv6 routing header (RT) match rules can overflow addrnr if it exceeds IP6T_RT_HOPS. The root cause is rt_mt6() using addrnr outside rtinfo->addrs[] bounds. A patch added validation of addrnr during ru...

CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6trt: reject oversized addrnr in rtmt6check Reject rt match rules whose addrnr exceeds IP6TRTHOPS. rtmt6 expects addrnr to stay within the bounds of rtinfo-addrs. Validate addrnr during rule installation so malformed...

SUSE CVE-2008-2826

Integer overflow in the sctpgetsockoptlocaladdrsold function in net/sctp/socket.c in the Stream Control Transmission Protocol sctp functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service resource consumption and system outage via vectors involving a large...