PT-2026-35141 · Linux · Linux Kernel

Published: 2026-04-25 · Updated: 2026-05-26 · CVE-2026-31681

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

An issue exists in the netfilter xt_multiport component where the checkentry path fails to validate range encoding. The ports_match_v1() function treats any non-zero pflags entry as the start of a port range and automatically consumes the subsequent ports[] element as the range end. Because the validation process does not verify the range encoding, malformed rules can designate the final slot as a range start or place two range starts consecutively. This allows ports_match_v1() to read beyond the last valid ports[] element while interpreting the rule.
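
The range-encoding check that the description says is missing can be modelled in userspace C. This is an added example, not kernel code or the upstream fix: the struct `multiport_rule`, the helper `range_encoding_ok()` and the sample rules are hypothetical, and `MULTI_PORTS` is assumed to equal the kernel's `XT_MULTI_PORTS` (15).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MULTI_PORTS 15 /* assumption: mirrors the kernel's XT_MULTI_PORTS */

/* Userspace model of the rule data; field names follow the description. */
struct multiport_rule {
    uint8_t  count;               /* number of valid ports[] slots */
    uint16_t ports[MULTI_PORTS];
    uint8_t  pflags[MULTI_PORTS]; /* non-zero: this slot starts a range */
};

/* Hypothetical validator: accept a rule only if every range start is
 * followed by an in-bounds slot that is not itself a range start. */
bool range_encoding_ok(const struct multiport_rule *r)
{
    if (r->count > MULTI_PORTS)
        return false;
    for (unsigned int i = 0; i < r->count; i++) {
        if (!r->pflags[i])
            continue;             /* single port, nothing to pair */
        if (i + 1 >= r->count)
            return false;         /* range start in the final valid slot */
        if (r->pflags[i + 1])
            return false;         /* two range starts in a row */
        i++;                      /* skip the slot consumed as range end */
    }
    return true;
}

/* Constructed sample rules (not taken from any real ruleset). */
static const struct multiport_rule good      = { 3, {22, 1000, 2000}, {0, 1, 0} };
static const struct multiport_rule last_slot = { 2, {22, 1000},       {0, 1} };
static const struct multiport_rule adjacent  = { 3, {1, 2, 3},        {1, 1, 0} };

int main(void)
{
    printf("good=%d last_slot=%d adjacent=%d\n",
           range_encoding_ok(&good),
           range_encoding_ok(&last_slot),
           range_encoding_ok(&adjacent));
    return 0;
}
```

A matcher that only runs on rules accepted by such a check never pairs a range start with a slot at or beyond `count`.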

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-31681
ECHO-D153-97F2-271D

Affected Products

Linux Kernel