CVE-2026-31414

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the netfilter component within the nf conntrack expect function. Using nfct help() without holding a reference to the master conntrack is unsafe. To maintain existing behavior, the ctnetlink path should use exp->master->helper when userspace does not provide an explicit helper during expectation creation. The ctnetlink expectation path maintains the reference on the master conntrack and the nf conntrack expect lock, while the nfnetlink glue path refers to the master ct attached to the skb.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.