CVE-2026-31418
Published: Apr 13, 2026
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del mtype_del() counts empty slots below n->pos in k, but it only drops the bucket when both n->pos and k are zero. This misses buckets whose live entries have all been removed while n->pos still points past deleted slots. Treat a bucket as empty when all positions below n->pos are unused and release it directly instead of shrinking it further.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 - < c098ff857e7ca923539164af5b3c2fe3e8f8afafaffected 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 - < 58f3a14826d4e6b0d5421f1a64be280b48601ea2affected 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 - < ad92ee87462f9a3061361d392e9dbfe2e5c1c9fbaffected 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 - < 6cea34d7ec6829b62f521a37a287f670144a2233affected 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 - < b7eef00f08b92b0b9efe8ae0df6d0005e6199323+7 more versions |
Linux | Linux | affected 5.6unaffected 0 - < 5.6unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now