EUVD-2026-25648Lifecycle Timeline
1DescriptionNVD
In the Linux kernel, the following vulnerability has been resolved:
netfilter: xt_multiport: validate range encoding in checkentry
ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports[] element as the range end.
The checkentry path currently validates protocol, flags and count, but it does not validate the range encoding itself. As a result, malformed rules can mark the last slot as a range start or place two range starts back to back, leaving ports_match_v1() to step past the last valid ports[] element while interpreting the rule.
Reject malformed multiport v1 rules in checkentry by validating that each range start has a following element and that the following element is not itself marked as another range start.
Analysis
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in checkentry ports_match_v1() treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports[] element as the range end. The checkentry path currently validates protocol, flags and count, but it does not validate the range encoding itself. …
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_est
Integer underflow in Linux kernel stmmac network driver allows kernel memory disclosure and potential corruption via cra
Use-after-free in Linux kernel batman-adv (B.A.T.M.A.N. Advanced mesh networking) allows remote network attackers to tri
In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buf
In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths
Share
External POC / Exploit Code
Leaving vuln.today