Improper input validation in Linux kernel - CVE-2026-31495
Published: April 24, 2026
Vulnerability identifier: #VU127653
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31495
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in ctnetlink when handling netlink attribute values. A local user can send a specially crafted netlink message to cause a denial of service.
The issue involves invalid TCP state, window scale, and flag values accepted through ctnetlink attributes.
How to mitigate CVE-2026-31495
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/2ef71307c86a9f866d6e28f1a0c06e2e9d794474
- https://git.kernel.org/stable/c/435b576cd2faa75154777868f8cbb73bf71644d3
- https://git.kernel.org/stable/c/45c33e79ae705b7af97e3117672b6cd258dd0b1b
- https://git.kernel.org/stable/c/4f7d25f3f0786402ba48ff7d13b6241d77d975f5
- https://git.kernel.org/stable/c/675c913b940488a84effdeeac5a1cfb657b59804
- https://git.kernel.org/stable/c/8f15b5071b4548b0aafc03b366eb45c9c6566704
- https://git.kernel.org/stable/c/c6cb41eaae875501eaaa487b8db6539feb092292
- https://git.kernel.org/stable/c/fcec5ce2d73a41668b24e3f18c803541602a59f6