CVE-2026-31674 - Vulnerability Details

- netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()

Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()

Reject rt match rules whose addrnr exceeds IP6T_RT_HOPS.

rt_mt6() expects addrnr to stay within the bounds of rtinfo->addrs[].
Validate addrnr during rule installation so malformed rules are rejected
before the match logic can use an out-of-range value.

Published: 2026-04-25

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 13e3e30ed3b5b67cc1db2bd58a5d09b0f07debfa
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< af9b7e2b765966457f4ec23be5bd34a141f89574
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 29ea965a1353bc8303877422f79c8211e9ba9c55
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< c6a503a9f4debc654e3a6a7ca1f7fce6a9953c59
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< ded71f5684df16fa645cca5bf4fe6b0cd8a46119
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< d8795fde1f78669a87c87ac29fceab2f104daa8c
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< a28ebf6f99de270d6338ccdc3b49f3e818f99b7b
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 9d3f027327c2fa265f7f85ead41294792c3296ed

Linux

affected

Version	Status	Constraints
`2.6.12`	affected	—
`0`	unaffected	< 2.6.12
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.131`	unaffected	≤ 6.6.*
`6.12.80`	unaffected	≤ 6.12.*
`6.18.21`	unaffected	≤ 6.18.*
`6.19.11`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/13e3e30ed3b5b67cc1db2bd58a5d09b0f07debfa
https://git.kernel.org/stable/c/29ea965a1353bc8303877422f79c8211e9ba9c55
https://git.kernel.org/stable/c/9d3f027327c2fa265f7f85ead41294792c3296ed
https://git.kernel.org/stable/c/a28ebf6f99de270d6338ccdc3b49f3e818f99b7b
https://git.kernel.org/stable/c/af9b7e2b765966457f4ec23be5bd34a141f89574
https://git.kernel.org/stable/c/c6a503a9f4debc654e3a6a7ca1f7fce6a9953c59
https://git.kernel.org/stable/c/d8795fde1f78669a87c87ac29fceab2f104daa8c
https://git.kernel.org/stable/c/ded71f5684df16fa645cca5bf4fe6b0cd8a46119

History

Sat, 25 Apr 2026 09:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() Reject rt match rules whose addrnr exceeds IP6T_RT_HOPS. rt_mt6() expects addrnr to stay within the bounds of rtinfo->addrs[]. Validate addrnr during rule installation so malformed rules are rejected before the match logic can use an out-of-range value.
Title		netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/13e3e30ed3b5b67cc1db2bd58a5d09b0f07debfa https://git.kernel.org/stable/c/29ea965a1353bc8303877422f79c8211e9ba9c55 https://git.kernel.org/stable/c/9d3f027327c2fa265f7f85ead41294792c3296ed https://git.kernel.org/stable/c/a28ebf6f99de270d6338ccdc3b49f3e818f99b7b https://git.kernel.org/stable/c/af9b7e2b765966457f4ec23be5bd34a141f89574 https://git.kernel.org/stable/c/c6a503a9f4debc654e3a6a7ca1f7fce6a9953c59 https://git.kernel.org/stable/c/d8795fde1f78669a87c87ac29fceab2f104daa8c https://git.kernel.org/stable/c/ded71f5684df16fa645cca5bf4fe6b0cd8a46119

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-25T08:46:50.180Z

Updated: 2026-04-25T08:46:50.180Z

Reserved: 2026-03-09T15:48:24.130Z

Link: CVE-2026-31674

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-25T09:16:00.963

Modified: 2026-04-25T09:16:00.963

Link: CVE-2026-31674

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object