CVE-2026-31674

Published: Apr 25, 2026Modified: May 6, 2026

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Secondary)

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() Reject rt match rules whose addrnr exceeds IP6T_RT_HOPS. rt_mt6() expects addrnr to stay within the bounds of rtinfo->addrs[]. Validate addrnr during rule installation so malformed rules are rejected before the match logic can use an out-of-range value.

Affected (17)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.12.1 to 5.10.253
Linux Linux Kernel	From 5.11 to 5.15.203
Linux Linux Kernel	From 5.16 to 6.1.168
Linux Linux Kernel	From 6.13 to 6.18.21
Linux Linux Kernel	From 6.19 to 6.19.11
Linux Linux Kernel	From 6.2 to 6.6.131
Linux Linux Kernel	From 6.7 to 6.12.80
Linux Linux Kernel	Version 2.6.12
Linux Linux Kernel	Version 2.6.12 rc2
Linux Linux Kernel	Version 2.6.12 rc3
Linux Linux Kernel	Version 2.6.12 rc4
Linux Linux Kernel	Version 2.6.12 rc5
Linux Linux Kernel	Version 7.0 rc1
Linux Linux Kernel	Version 7.0 rc2
Linux Linux Kernel	Version 7.0 rc3
Linux Linux Kernel	Version 7.0 rc4
Linux Linux Kernel	Version 7.0 rc5