CVE-2026-31427

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description In the netfilter module, the process sdp() function declares a union nf inet addr named rtp addr on the stack. This variable is only initialized when a recognized media type with a non-zero port is found within the SDP media descriptions. If the SDP body contains no media lines, only inactive media sections, or only unrecognized media types, rtp addr remains uninitialized. The function then calls the sdp session() hook with the address of rtp addr, leading nf nat sdp session() to use a stale stack value as an IP address to rewrite the SDP session owner and connection lines. Depending on the system configuration, this results in addresses being rewritten to 0.0.0.0 or random stack data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.