Vulnerability Lookup

🛡️ CVE-2026-31665

🟠 CVSS 7.8 — High ✅ No Known Exploit CWE-416 NVD

7.8

CVSS Score

0 Low4 Medium7 High9 Critical10

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: fix use-after-free in timeout object destroy nft_ct_timeout_obj_destroy() frees the timeout object with kfree() immediately after nf_ct_untimeout(), without waiting for an RCU grace period. Concurrent packet processing on other CPUs may still hold RCU-protected references to the timeout object obtained via rcu_dereference() in nf_ct_timeout_data(). Add an rcu_head to struct nf_ct_timeout and use kfree_rcu() to defer freeing until after an RCU grace period, matching the approach already used in nfnetlink_cttimeout.c. KASAN report: BUG: KASAN: slab-use-after-free in nf_conntrack_tcp_packet+0x1381/0x29d0 Read of size 4 at addr ffff8881035fe19c by task exploit/80 Call Trace: nf_conntrack_tcp_packet+0x1381/0x29d0 nf_conntrack_in+0x612/0x8b0 nf_hook_slow+0x70/0x100 __ip_local_out+0x1b2/0x210 tcp_sendmsg_locked+0x722/0x1580 __sys_sendto+0x2d8/0x320 Allocated by task 75: nft_ct_timeout_obj_init+0xf6/0x290 nft_obj_init+0x107/0x1b0 nf_tables_newobj+0x680/0x9c0 nfnetlink_rcv_batch+0xc29/0xe00 Freed by task 26: nft_obj_destroy+0x3f/0xa0 nf_tables_trans_destroy_work+0x51c/0x5c0 process_one_work+0x2c4/0x5a0

Details

Severity HIGH

CVSS Score 7.8

CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE CWE-416

Public Exploit ✅ No

Source NVD

Published 2026-04-24

Updated 2026-06-02

Modified 2026-04-27

Fix URL https://git.kernel.org/stable/c/070abdf1b04325b21a20a2a0c39a2208af107275

Affected Packages

Software	From version	Fixed in
linux-kernel	—	—

References

Patch https://git.kernel.org/stable/c/070abdf1b04325b21a20a2a0c39a2208af107275

Patch https://git.kernel.org/stable/c/aa7cfa16f98f8ec3e6d47c34e1a8c1ae4b9b8b77

Patch https://git.kernel.org/stable/c/b42aca3660dc2627a29a38131597ca610dc451f9

Patch https://git.kernel.org/stable/c/c458fc1c278a65ad5381083121d39a479973ebed

Patch https://git.kernel.org/stable/c/c581e5c8f2b59158f62efe61c1a3dc36189081ff

Patch https://git.kernel.org/stable/c/d0983b48c10d1509fd795c155f8b1e832e1369ff

Patch https://git.kernel.org/stable/c/f16fe84879a5280f05ebbcea593a189ba0f3e79a

Patch https://git.kernel.org/stable/c/f8dca15a1b190787bbd03285304b569631160eda

🔗 NVD 🔗 Mitre ✅ Fix / Advisory

Similar Threats

Free Vulnerability Check

Is your WordPress site affected?

BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.

Scan My Site Free →

No credit card required · Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.

Is your WordPress site affected?

Company

Resources

Services

Trusted

Subscribe