CVE-2026-31681

Severity: MEDIUM · CVSS 3.1: 5.5 · EPSS 1.8%
Published Apr 25, 2026 · Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: xt_multiport: validate range encoding in checkentry

ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports[] element as the range end.

The checkentry path currently validates protocol, flags and count, but it does not validate the range encoding itself. As a result, malformed rules can mark the last slot as a range start or place two range starts back to back, leaving ports_match_v1() to step past the last valid ports[] element while interpreting the rule.

Reject malformed multiport v1 rules in checkentry by validating that each range start has a following element and that the following element is not itself marked as another range start.
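The validation rule described above, as an added userspace example; it is a simplified model written for this page, not the kernel patch. The names mp_rule, mp_ranges_valid and mp_match are hypothetical; only ports[], pflags[] and the 15-slot limit follow the kernel's multiport v1 layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

#define MULTI_PORTS 15  /* slots per rule; mirrors the kernel's XT_MULTI_PORTS (15) */

/* Simplified model of a multiport v1 rule (hypothetical type, not the UAPI struct). */
struct mp_rule {
    uint8_t  count;                 /* number of slots in use */
    uint16_t ports[MULTI_PORTS];    /* single ports, or start/end pairs */
    uint8_t  pflags[MULTI_PORTS];   /* non-zero: ports[i] starts a range */
};

/* Checkentry-style validation: true only if the range encoding is well formed. */
bool mp_ranges_valid(const struct mp_rule *r)
{
    if (r->count > MULTI_PORTS)
        return false;
    for (size_t i = 0; i < r->count; i++) {
        if (!r->pflags[i])
            continue;               /* single port, nothing to pair */
        if (i + 1 >= r->count)
            return false;           /* range start sits in the last used slot */
        if (r->pflags[i + 1])
            return false;           /* range end is itself marked as a start */
        i++;                        /* skip over the range end */
    }
    return true;
}

/* Matcher that consumes ports[i + 1] for every range start. The kernel validates
 * once when the rule is loaded; this model re-checks so it is safe stand-alone. */
bool mp_match(const struct mp_rule *r, uint16_t port)
{
    if (!mp_ranges_valid(r))
        return false;
    for (size_t i = 0; i < r->count; i++) {
        if (r->pflags[i]) {
            uint16_t lo = r->ports[i];
            uint16_t hi = r->ports[++i];  /* safe: validation guarantees i + 1 < count */
            if (port >= lo && port <= hi)
                return true;
        } else if (r->ports[i] == port) {
            return true;
        }
    }
    return false;
}
```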

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 11

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥2.6.17 – <6.6.136
linux   linux_kernel  *        ≥6.7 – <6.12.83
linux   linux_kernel  *        ≥6.13 – <6.18.24
linux   linux_kernel  *        ≥6.19 – <6.19.14
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any
linux   linux_kernel  7.0      any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/1e4baa853f1cc4227e04f52d6860524707cfb294
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/36bf0d98e180a7c384c8d8a59b0d2d4b80e5eb16
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8368ce8eb01f0b91111d814703696e780d0ef12f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c5bf8f5b478f569191c4a7982de7cd5f5f73c1a
  • git.kernel.org https://git.kernel.org/stable/c/aec14808271f2bf2b656de6ff12dfe73c5fd3b67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b67d638cbee9975c765feb45c126e96ed11ec802
  • git.kernel.org https://git.kernel.org/stable/c/c9749f6232c845e31c21d4cc72200211df15d8a2
  • git.kernel.org https://git.kernel.org/stable/c/ff64c5bfef12461df8450e0f50bb693b5269c720
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1e4baa853f1cc4227e04f52d6860524707cfb294
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/36bf0d98e180a7c384c8d8a59b0d2d4b80e5eb16
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8368ce8eb01f0b91111d814703696e780d0ef12f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aec14808271f2bf2b656de6ff12dfe73c5fd3b67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff64c5bfef12461df8450e0f50bb693b5269c720
    Patch