216.73.216.204

CVE-2026-31681

· Published 25/04/2026 09:16 · Modified 25/04/2026 09:16

Labels: CVE-2026-31681 2026-04-25416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2026-31681

Essential information

Published
25/04/2026 09:16
Modified
25/04/2026 09:16
Author
Creator
CISA KEV
No
CWE

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in checkentry ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports[] element as the range end. The checkentry path currently validates protocol, flags and count, but it does not validate the range encoding itself. As a result, malformed rules can mark the last slot as a range start or place two range starts back to back, leaving ports_match_v1() to step past the last valid ports[] element while interpreting the rule. Reject malformed multiport v1 rules in checkentry by validating that each range start has a following element and that the following element is not itself marked as another range start.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD
View on NVD

Affected products (CPE)

ProductCPE
linux / linux kernel cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*:*

References