CVE-2026-31674
Received Received - Intake
Out-of-Bounds Access in Linux netfilter ip6t_rt Match Rules

Publication date: 2026-04-25

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() Reject rt match rules whose addrnr exceeds IP6T_RT_HOPS. rt_mt6() expects addrnr to stay within the bounds of rtinfo->addrs[]. Validate addrnr during rule installation so malformed rules are rejected before the match logic can use an out-of-range value.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-25
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-04-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31674
Affected Vendors & Products
Showing 17 associated CPEs
Vendor Product Version / Range
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 2.6.12
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.168 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.21 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.11 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.131 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.80 (exc)
linux linux_kernel From 2.6.12.1 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's netfilter component, specifically in the ip6t_rt module. The issue involves the handling of the addrnr value in the rt_mt6_check() function. The vulnerability arises because the code did not properly reject rules where addrnr exceeds the maximum allowed value (IP6T_RT_HOPS). Since rt_mt6() expects addrnr to be within the bounds of the rtinfo->addrs[] array, an out-of-range addrnr could cause unexpected behavior. The fix involves validating addrnr during rule installation to reject malformed rules before they can be used in matching logic.

Impact Analysis

If exploited, this vulnerability could allow malformed netfilter rules with out-of-range addrnr values to be installed. This might lead to unexpected behavior in the kernel's packet filtering logic, potentially causing crashes, denial of service, or other unpredictable effects depending on how the out-of-bounds access is handled.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31674. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart