PT-2026-32354 · Linux · Linux Kernel
Published 2026-04-13 · Updated 2026-05-03 · CVE-2026-31428
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A flaw in the netfilter nfnetlink_log component allows the leak of stale heap contents to userspace via the NFLOG netlink socket. The function __build_packet_message() manually constructs the NFULA_PAYLOAD netlink attribute, but fails to initialize the trailing padding bytes when the data length is not 4-byte aligned.
Recommendations
Replace the manual attribute construction in __build_packet_message() with nla_reserve() to ensure proper padding zeroing.
Fix
Use of Uninitialized Resource
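The padding problem described above, as an added userspace illustration (not kernel code and not the upstream patch): a manually built attribute leaves the alignment bytes holding whatever was in the buffer, while a reserve-style helper zeroes them first. The struct, macros and function names are local stand-ins, and the 0xAA fill is a constructed substitute for stale heap data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local model of a netlink attribute header; not the kernel's definitions. */
struct attr_hdr { uint16_t nla_len; uint16_t nla_type; };
#define ATTR_ALIGN(n) (((size_t)(n) + 3u) & ~(size_t)3u)
#define ATTR_HDRLEN   ATTR_ALIGN(sizeof(struct attr_hdr))

/* Manual construction: header + payload written, padding left untouched. */
static size_t put_manual(uint8_t *buf, uint16_t type, const void *data, size_t len)
{
    struct attr_hdr h = { (uint16_t)(ATTR_HDRLEN + len), type };
    memcpy(buf, &h, sizeof h);
    memcpy(buf + ATTR_HDRLEN, data, len);
    return ATTR_ALIGN(ATTR_HDRLEN + len);   /* bytes consumed, incl. padding */
}

/* Reserve-style construction: same layout, but padding is zeroed. */
static size_t put_reserved(uint8_t *buf, uint16_t type, const void *data, size_t len)
{
    size_t used = ATTR_HDRLEN + len, total = ATTR_ALIGN(used);
    struct attr_hdr h = { (uint16_t)used, type };
    memcpy(buf, &h, sizeof h);
    memset(buf + used, 0, total - used);    /* the step the manual path skips */
    memcpy(buf + ATTR_HDRLEN, data, len);
    return total;
}

/* Count padding bytes that still hold the stale fill pattern (0xAA). */
static int stale_padding(int hardened, size_t len)
{
    static const uint8_t payload[8] = { 1, 2, 3, 4, 5, 6, 7, 8 }; /* constructed */
    uint8_t buf[64];
    int stale = 0;
    memset(buf, 0xAA, sizeof buf);          /* constructed "old heap" contents */
    size_t total = hardened ? put_reserved(buf, 9, payload, len)
                            : put_manual(buf, 9, payload, len);
    for (size_t i = ATTR_HDRLEN + len; i < total; i++)
        stale += (buf[i] == 0xAA);
    return stale;
}

int main(void)
{
    for (size_t len = 4; len <= 7; len++)
        printf("len=%zu manual=%d reserved=%d\n", len, stale_padding(0, len), stale_padding(1, len));
    return 0;
}
```

Only payload lengths that are not a multiple of 4 show stale bytes in the manual path, which matches the alignment condition in the description.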
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel