CVE-2026-31428
- Source
- https://cve.org/CVERecord?id=CVE-2026-31428
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31428.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-31428
- Downstream
- Published
- 2026-04-13T13:40:30.987Z
- Modified
- 2026-05-07T04:18:37.902897Z
- Summary
- netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlinklog: fix uninitialized padding leak in NFULAPAYLOAD
_buildpacketmessage() manually constructs the NFULAPAYLOAD netlink attribute using skbput() and skbcopybits(), bypassing the standard nlareserve()/nlaput() helpers. While nlatotalsize(datalen) bytes are allocated (including NLA alignment padding), only datalen bytes of actual packet data are copied. The trailing nlapadlen(datalen) bytes (1-3 when datalen is not 4-byte aligned) are never initialized, leaking stale heap contents to userspace via the NFLOG netlink socket.
Replace the manual attribute construction with nla_reserve(), which handles the tailroom check, header setup, and padding zeroing via _nlareserve(). The subsequent skbcopybits() fills in the payload data on top of the properly initialized attribute.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31428.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/21d8efda029948d3666b0db5afcc0d36c0984aae
- https://git.kernel.org/stable/c/52025ebaa29f4eb4ed8bf92ce83a68f24ab7fdf7
- https://git.kernel.org/stable/c/7eff72968161fb8ddb26113344de3b92fb7d7ef5
- https://git.kernel.org/stable/c/7f3e5d72455936f42709116fabeca3bb216cda62
- https://git.kernel.org/stable/c/a2f6ff3444b663d6cfa63eadd61327a18592885a
- https://git.kernel.org/stable/c/a8365d1064ded323797c5e28e91070c52f44b76c
- https://git.kernel.org/stable/c/c9f6c51d36482805ac3ffadb9663fe775a13e926
- https://git.kernel.org/stable/c/fc961dd7272b5e4a462999635e44a4770d7f2482
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31428.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-31428
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduceddf6fb868d6118686805c2fa566e213a8f31c8e4fFixed7f3e5d72455936f42709116fabeca3bb216cda62Fixed21d8efda029948d3666b0db5afcc0d36c0984aaeFixedfc961dd7272b5e4a462999635e44a4770d7f2482Fixeda8365d1064ded323797c5e28e91070c52f44b76cFixeda2f6ff3444b663d6cfa63eadd61327a18592885aFixedc9f6c51d36482805ac3ffadb9663fe775a13e926Fixed7eff72968161fb8ddb26113344de3b92fb7d7ef5Fixed52025ebaa29f4eb4ed8bf92ce83a68f24ab7fdf7
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.24Fixed5.10.253
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.203
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.168
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.131
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.80
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.21
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed6.19.11