CVE-2026-31414
Use-After-Reference Vulnerability in Linux Kernel Netfilter nf_conntrack_expect
Publication date: 2026-04-13
Last updated on: 2026-04-27
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the netfilter subsystem of the Linux kernel, specifically the nf_conntrack_expect component. The issue is the unsafe use of nfct_help() without holding a reference to the master connection tracking (conntrack) object. The fix uses expect->helper in ctnetlink and /proc to dump the helper name, and ensures that the reference to the master conntrack is held when it is needed. This prevents the unsafe behavior; the ctnetlink path uses exp->master->helper if userspace does not provide an explicit helper when creating an expectation.
How can this vulnerability impact me?
The vulnerability could lead to unsafe operations within the Linux kernel's connection tracking system, potentially causing instability or unexpected behavior in network packet processing. This might affect firewall or network filtering functions that rely on netfilter's connection tracking, possibly leading to security risks or denial of service conditions.