Description
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: account for netlink header size

This is a followup to an old bug fix: NLMSG_DONE needs to account
for the netlink header size, not just the attribute size.

This can result in a WARN splat + drop of the netlink message,
but other than this there are no ill effects.
Published: 2026-04-13
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the nfnetlink_log subsystem mishandles the NLMSG_DONE message by accounting only for the size of the netlink attributes and ignoring the full netlink header length. When a malformed or oversized header arrives, the kernel produces a WARN splat and drops the message, but no code execution, data corruption, or other serious effects occur.

Affected Systems

Any Linux system running a kernel version prior to the inclusion of the patch that accounts for the full netlink header size is affected. This includes the kernels referenced by the CPE strings (e.g., 7.0 rc1 through rc7). Distributions shipping these kernels without applying the patch are at risk until they upgrade to a newer kernel release.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The absence of a CISA KEV listing further indicates limited real-world exploitation. Based on the description, it is inferred that the attacker would need the ability to construct and send crafted netlink messages, which typically requires local or privileged user access. If successful, the attacker could repeatedly trigger WARN splats and cause legitimate netlink traffic to be discarded, potentially disrupting logging or monitoring flows but not compromising system integrity or confidentiality.

Generated by OpenCVE AI on May 20, 2026 at 18:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest kernel from your distribution that contains the nfnetlink_log header size patch.
  • If maintaining a custom or older kernel, locate the commit 09883bf257f4243ed5a1fd35078ec6f0d0f3696a, apply the patch, and rebuild the kernel.
  • Reboot the system to load the patched kernel and verify that netlink messages are no longer dropped.

Advisories

Source       ID          Title
Debian DLA   DLA-4561-1  linux-6.1 security update
Debian DLA   DLA-4606-1  linux security update
Debian DSA   DSA-6238-1  linux security update
Debian DSA   DSA-6243-1  linux security update
History

Wed, 20 May 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Wed, 20 May 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Sat, 18 Apr 2026 09:15:00 +0000


Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Tue, 14 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics
  Values Removed: threat_severity: None
  Values Added:   cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
                  threat_severity: Moderate


Mon, 13 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: account for netlink header size This is a followup to an old bug fix: NLMSG_DONE needs to account for the netlink header size, not just the attribute size. This can result in a WARN splat + drop of the netlink message, but other than this there are no ill effects.
Title netfilter: nfnetlink_log: account for netlink header size
First Time appeared: Linux, Linux linux Kernel
CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products: Linux, Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:04:56.281Z

Reserved: 2026-03-09T15:48:24.087Z

Link: CVE-2026-31416

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-13T14:16:10.907

Modified: 2026-05-20T15:36:14.193

Link: CVE-2026-31416

Redhat

Severity : Moderate

Public Date: 2026-04-13T00:00:00Z

Links: CVE-2026-31416 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-20T18:30:36Z

Weaknesses