CVE-2026-31418

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the netfilter ipset component where the mtype del() function fails to drop logically empty buckets. The function counts empty slots below n->pos in k, but only drops the bucket when both n->pos and k are zero. This results in buckets not being released when all live entries are removed while n->pos still points past deleted slots.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.