CVE-2026-46101

In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...

CVE-2026-31681

A flaw was found in the Linux kernel's netfilter xtmultiport module. This vulnerability arises from insufficient validation of range encoding within the checkentry function. A local attacker can exploit this by crafting malformed multiport rules, which causes the portsmatchv1 function to read...

SUSE CVE-2026-31674

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6trt: reject oversized addrnr in rtmt6check Reject rt match rules whose addrnr exceeds IP6TRTHOPS. rtmt6 expects addrnr to stay within the bounds of rtinfo-addrs. Validate addrnr during rule installation so malformed...

SUSE CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

EUVD-2026-25648

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

CVE-2026-31681

CVE-2026-31681 affects the Linux kernel netfilter xt_multiport component. The issue is in ports_match_v1() where a non-zero pflags entry is treated as a range start, causing the end of the range to be consumed incorrectly and potentially reading past the last ports[] element when a malformed rule...

PT-2026-35141

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter xt multiport component where the checkentry path fails to validate range encoding. The ports match v1 function treats any non-zero pflags entry as the...