CVE-2026-31428

CVE-2026-31428 — In the Linux kernel, nfnetlink_log’s __build_packet_message() previously built NFULA_PAYLOAD attributes manually via skb_put()/skb_copy_bits(), bypassing nla_reserve()/nla_put(). This caused trailing padding to remain uninitialized, leaking stale heap data to userspace over NFLOG...