CVE-2026-31418
MEDIUM EPSS 1.8%
Published Apr 13, 20262mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Apr 13, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del mtype_del() counts empty slots below n->pos in k, but it only drops the bucket when both n->pos and k are zero. This misses buckets whose live entries have all been removed while n->pos still points past deleted slots. Treat a bucket as empty when all positions below n->pos are unused and release it directly instead of shrinking it further.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
1.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 20
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥5.4.24 – <5.5 |
| linux | linux_kernel | * | ≥5.5.8 – <5.6 |
| linux | linux_kernel | * | ≥5.6.1 – <5.10.253 |
| linux | linux_kernel | * | ≥5.11 – <5.15.203 |
| linux | linux_kernel | * | ≥5.16 – <6.1.168 |
| linux | linux_kernel | * | ≥6.2 – <6.6.134 |
| linux | linux_kernel | * | ≥6.7 – <6.12.81 |
| linux | linux_kernel | * | ≥6.13 – <6.18.22 |
| linux | linux_kernel | * | ≥6.19 – <6.19.12 |
| linux | linux_kernel | 5.6 | any |
| linux | linux_kernel | 5.6 | any |
| linux | linux_kernel | 5.6 | any |
| linux | linux_kernel | 5.6 | any |
| linux | linux_kernel | 5.6 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
| linux | linux_kernel | 7.0 | any |
References 8
- git.kernel.org https://git.kernel.org/stable/c/58f3a14826d4e6b0d5421f1a64be280b48601ea2
- git.kernel.org https://git.kernel.org/stable/c/68ca0eea0af02bed36c5e2c13e9fa1647c31a7d4
- git.kernel.org https://git.kernel.org/stable/c/6cea34d7ec6829b62f521a37a287f670144a2233
- git.kernel.org https://git.kernel.org/stable/c/9862ef9ab0a116c6dca98842aab7de13a252ae02
- git.kernel.org https://git.kernel.org/stable/c/ad92ee87462f9a3061361d392e9dbfe2e5c1c9fb
- git.kernel.org https://git.kernel.org/stable/c/b7eef00f08b92b0b9efe8ae0df6d0005e6199323
- git.kernel.org https://git.kernel.org/stable/c/c098ff857e7ca923539164af5b3c2fe3e8f8afaf
- git.kernel.org https://git.kernel.org/stable/c/ceacaa76f221a6577aba945bb8873c2e640aeba4
Remediation
- git.kernel.org https://git.kernel.org/stable/c/58f3a14826d4e6b0d5421f1a64be280b48601ea2
- git.kernel.org https://git.kernel.org/stable/c/68ca0eea0af02bed36c5e2c13e9fa1647c31a7d4
- git.kernel.org https://git.kernel.org/stable/c/6cea34d7ec6829b62f521a37a287f670144a2233
- git.kernel.org https://git.kernel.org/stable/c/9862ef9ab0a116c6dca98842aab7de13a252ae02
- git.kernel.org https://git.kernel.org/stable/c/ad92ee87462f9a3061361d392e9dbfe2e5c1c9fb
- git.kernel.org https://git.kernel.org/stable/c/b7eef00f08b92b0b9efe8ae0df6d0005e6199323
- git.kernel.org https://git.kernel.org/stable/c/c098ff857e7ca923539164af5b3c2fe3e8f8afaf
- git.kernel.org https://git.kernel.org/stable/c/ceacaa76f221a6577aba945bb8873c2e640aeba4