CVE-2026-31418
Logic Error in Linux Kernel netfilter ipset Bucket Handling
Publication date: 2026-04-13
Last updated on: 2026-04-18
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netfilter | ipset | * |
| linux | linux_kernel | to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (inc) |
| linux_kernel | ipset | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's netfilter ipset component, specifically in the function mtype_del(). The function is responsible for managing buckets of entries, but it incorrectly handles empty buckets. It only drops a bucket when both n->pos and k are zero, which causes it to miss buckets that have had all their live entries removed but where n->pos still points past deleted slots. The fix treats a bucket as empty when all positions below n->pos are unused and releases it directly instead of shrinking it further.
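The two emptiness checks described above can be compared on a simplified bucket model. This is an added example, not the kernel's code: the struct, the helper names, the rule that pos steps back only when the last slot is deleted, and the reading of k as the number of unused slots below pos are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a hash bucket (hypothetical, not the kernel struct). */
struct bucket {
    uint32_t used; /* bit i set => slot i holds a live entry */
    uint8_t pos;   /* one past the highest slot still tracked */
};

/* Assumed delete behaviour: clear the slot, and step pos back once
 * only when the slot removed was the last one. */
static void bucket_del(struct bucket *n, unsigned i)
{
    n->used &= ~(1u << i);
    if (i + 1 == n->pos)
        n->pos--;
}

/* k in this model: number of unused slots below pos. */
static unsigned unused_below_pos(const struct bucket *n)
{
    unsigned k = 0;
    for (unsigned i = 0; i < n->pos; i++)
        if (!(n->used & (1u << i)))
            k++;
    return k;
}

/* Check as described before the fix: both pos and k must be zero. */
static bool empty_old(const struct bucket *n)
{
    return n->pos == 0 && unused_below_pos(n) == 0;
}

/* Check as described after the fix: every position below pos is unused. */
static bool empty_fixed(const struct bucket *n)
{
    return unused_below_pos(n) == n->pos;
}

/* Constructed case: three live slots, deleted in the given order. */
static struct bucket drain3(unsigned a, unsigned b, unsigned c)
{
    struct bucket n = { .used = 0x7, .pos = 3 };
    bucket_del(&n, a); bucket_del(&n, b); bucket_del(&n, c);
    return n;
}

int main(void)
{
    struct bucket n = drain3(0, 1, 2); /* front-to-back deletion */
    printf("pos=%u old=%d fixed=%d\n", (unsigned)n.pos, empty_old(&n), empty_fixed(&n));
    return 0;
}
```

Deleting from the front leaves pos at 2 with no live entries, so the old check keeps the bucket while the fixed check releases it; deleting from the back walks pos down to 0 and both checks agree.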
How can this vulnerability impact me?
This vulnerability in the Linux kernel's netfilter ipset component involves improper handling of logically empty buckets in the mtype_del function. It may cause the system to retain empty buckets longer than necessary, potentially leading to inefficient memory usage or resource management issues.