{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31416", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.087Z", "datePublished": "2026-04-13T13:21:03.974Z", "dateUpdated": "2026-05-11T22:08:17.264Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:08:17.264Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_log: account for netlink header size\n\nThis is a followup to an old bug fix: NLMSG_DONE needs to account\nfor the netlink header size, not just the attribute size.\n\nThis can result in a WARN splat + drop of the netlink message,\nbut other than this there are no ill effects."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nfnetlink_log.c"], "versions": [{"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a", "lessThan": "4ec216410fac9de83c99177a160ebb8d42fad075", "status": "affected", "versionType": "git"}, {"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a", "lessThan": "09883bf257f4243ed5a1fd35078ec6f0d0f3696a", "status": "affected", "versionType": "git"}, {"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a", "lessThan": "761b45c661af48da6a065868d59ab1e1f64fd9b6", "status": "affected", "versionType": "git"}, {"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a", "lessThan": "607245c4dbb86d9a10dd8388da0fb82170a99b61", "status": "affected", "versionType": "git"}, {"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a", "lessThan": "6b419700e459fbf707ca1543b7c1b57a60fedb73", "status": "affected", "versionType": "git"}, {"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a", "lessThan": "88a8f56e6276f616baad4274c6b8e4683e26e520", "status": "affected", "versionType": "git"}, {"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a", "lessThan": "f08ffa3e1c8e36b6131f69c5eb23700c28cbd262", "status": "affected", "versionType": "git"}, {"version": "9dfa1dfe4d5e5e66a991321ab08afe69759d797a", "lessThan": "6d52a4a0520a6696bdde51caa11f2d6821cd0c01", "status": "affected", "versionType": "git"}, {"version": "3a758a2b78da2f49f7165678faf999e946a0c4b5", "status": "affected", "versionType": "git"}, {"version": "131172845aa2c804ffa9423455aee585061ea35e", "status": "affected", "versionType": "git"}, {"version": "b1fef6b81871a396f3b8702077333e769673c87b", "status": "affected", "versionType": "git"}, {"version": "add9183d993c12fb61ce0a674a424341d5be5b36", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nfnetlink_log.c"], "versions": [{"version": "3.18", "status": "affected"}, {"version": "0", "lessThan": "3.18", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.168", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.134", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.81", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.22", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.12", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.1.168"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.6.134"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.12.81"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.18.22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "6.19.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.18", "versionEndExcluding": "7.0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10.61"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12.34"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.14.25"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17.4"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4ec216410fac9de83c99177a160ebb8d42fad075"}, {"url": "https://git.kernel.org/stable/c/09883bf257f4243ed5a1fd35078ec6f0d0f3696a"}, {"url": "https://git.kernel.org/stable/c/761b45c661af48da6a065868d59ab1e1f64fd9b6"}, {"url": "https://git.kernel.org/stable/c/607245c4dbb86d9a10dd8388da0fb82170a99b61"}, {"url": "https://git.kernel.org/stable/c/6b419700e459fbf707ca1543b7c1b57a60fedb73"}, {"url": "https://git.kernel.org/stable/c/88a8f56e6276f616baad4274c6b8e4683e26e520"}, {"url": "https://git.kernel.org/stable/c/f08ffa3e1c8e36b6131f69c5eb23700c28cbd262"}, {"url": "https://git.kernel.org/stable/c/6d52a4a0520a6696bdde51caa11f2d6821cd0c01"}], "title": "netfilter: nfnetlink_log: account for netlink header size", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_log: account for netlink header size\n\nThis is a followup to an old bug fix: NLMSG_DONE needs to account\nfor the netlink header size, not just the attribute size.\n\nThis can result in a WARN splat + drop of the netlink message,\nbut other than this there are no ill effects."}], "id": "CVE-2026-31416", "lastModified": "2026-04-18T09:16:31.390", "metrics": {}, "published": "2026-04-13T14:16:10.907", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/09883bf257f4243ed5a1fd35078ec6f0d0f3696a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4ec216410fac9de83c99177a160ebb8d42fad075"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/607245c4dbb86d9a10dd8388da0fb82170a99b61"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6b419700e459fbf707ca1543b7c1b57a60fedb73"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6d52a4a0520a6696bdde51caa11f2d6821cd0c01"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/761b45c661af48da6a065868d59ab1e1f64fd9b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/88a8f56e6276f616baad4274c6b8e4683e26e520"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f08ffa3e1c8e36b6131f69c5eb23700c28cbd262"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: netfilter: nfnetlink_log: account for netlink header size", "id": "2457825", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457825"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-31416", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31416\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31416\nhttps://lore.kernel.org/linux-cve-announce/2026041310-CVE-2026-31416-9c4a@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9dfa1dfe4d5e5e66a991321ab08afe69759d797a,761b45c661af48da6a065868d59ab1e1f64fd9b6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9dfa1dfe4d5e5e66a991321ab08afe69759d797a,607245c4dbb86d9a10dd8388da0fb82170a99b61)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9dfa1dfe4d5e5e66a991321ab08afe69759d797a,6b419700e459fbf707ca1543b7c1b57a60fedb73)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9dfa1dfe4d5e5e66a991321ab08afe69759d797a,88a8f56e6276f616baad4274c6b8e4683e26e520)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9dfa1dfe4d5e5e66a991321ab08afe69759d797a,f08ffa3e1c8e36b6131f69c5eb23700c28cbd262)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9dfa1dfe4d5e5e66a991321ab08afe69759d797a,6d52a4a0520a6696bdde51caa11f2d6821cd0c01)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "3a758a2b78da2f49f7165678faf999e946a0c4b5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "131172845aa2c804ffa9423455aee585061ea35e"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "b1fef6b81871a396f3b8702077333e769673c87b"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "add9183d993c12fb61ce0a674a424341d5be5b36"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,3.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.168,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.134,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.81,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.22,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.12,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-14T14:20:35.989032+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that incorporates the netlink header size fix", "Verify the current kernel release using 'uname -r' and confirm it includes the latest nfnetlink_log patch", "If an immediate upgrade is not possible, disable or reduce nfnetlink logging via sysctl parameters to minimize impact of dropped messages", "Monitor system logs for WARN splat entries that may indicate the vulnerability is in effect"], "summary": {"action": "Kernel Update", "impact": "Netlink message drop"}, "threat_synthesis": {"affected_systems": "Any Linux system running a kernel version that has not yet incorporated the header\u2011size accounting patch is affected. All distributions that ship the unpatched kernel are at risk. The patch is included in recent kernel commits, so systems that have updated beyond that point are safe.", "description_and_impact": "The vulnerability resides in the nfnetlink_log subsystem of the Linux kernel. The code handling NLMSG_DONE messages only accounts for the size of the netlink attributes, overlooking the full netlink header length. When a message arrives that contains an unexpected or larger header, the kernel generates a WARN splat and drops the message. The bug does not lead to code execution, data corruption, or other serious effects; it merely causes a log entry to be lost and a warning to appear.", "risk_and_exploitability": "The CVSS score of 5.5 reflects moderate severity, while an EPSS score of less than one percent indicates a low likelihood of observed exploitation. No KISA KEV listing further suggests limited real\u2011world activity. Attacking this flaw would require the ability to craft and send netlink messages, a capability typically confined to local or privileged users. On successful exploitation, an attacker could repeatedly trigger WARN splat messages and cause legitimate netlink traffic to be discarded, which could disrupt logging or monitoring flows but does not compromise system integrity or confidentiality."}}}}, "created": "2026-04-14T16:19:25.229128+00:00", "updated": "2026-04-14T16:34:32.464872+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-119"]}