Skip to main content

Linux Kernel EUVDEUVD-2026-21937

| CVE-2026-31416 MEDIUM
2026-04-13 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Analysis Generated
May 20, 2026 - 15:38 vuln.today
CVSS changed
May 20, 2026 - 15:37 NVD
5.5 (MEDIUM)
Patch released
Apr 18, 2026 - 09:16 nvd
Patch available
Patch available
Apr 16, 2026 - 05:29 EUVD
761b45c661af48da6a065868d59ab1e1f64fd9b6,607245c4dbb86d9a10dd8388da0fb82170a99b61,6b419700e459fbf707ca1543b7c1b57a60fedb73
EUVD ID Assigned
Apr 13, 2026 - 13:45 euvd
EUVD-2026-21937
CVE Published
Apr 13, 2026 - 13:21 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nfnetlink_log: account for netlink header size

This is a followup to an old bug fix: NLMSG_DONE needs to account for the netlink header size, not just the attribute size.

This can result in a WARN splat + drop of the netlink message, but other than this there are no ill effects.

AnalysisAI

Local denial-of-service in the Linux kernel's netfilter nfnetlink_log subsystem allows a low-privileged local user to trigger a kernel WARN splat and cause netlink message drops. The root cause is an accounting error in NLMSG_DONE that omits the netlink header size, counting only the attribute size. With a CVSS score of 5.5 (AV:L/AC:L/PR:L) and EPSS at 0.02% (7th percentile), this has no public exploit code identified at time of analysis and is not listed in the CISA KEV catalog - impact is limited to netlink logging availability, with no code execution or data exposure.

Technical ContextAI

The affected subsystem is netfilter's nfnetlink_log component (kernel/net/netfilter/nfnetlink_log.c), which handles logging of network packets to userspace via Netlink. The bug is a size-accounting error: NLMSG_DONE is constructed accounting only for the netlink attribute (nlattr) payload size but not the fixed netlink message header (struct nlmsghdr, 16 bytes). The undersized length field causes the kernel to emit a WARN splat when the discrepancy is detected and subsequently drop the malformed message. CPE data identifies affected products as cpe:2.3:a:linux:linux in multiple stable branches. No CWE is formally assigned, but the defect is best characterized as an off-by-one or improper size calculation (analogous to CWE-131: Incorrect Calculation of Buffer Size), introduced at commit 9dfa1dfe4d5e5e66a991321ab08afe69759d797a and present across several long-term stable series. The tags list 'Information Disclosure,' which conflicts with the CVSS confidentiality impact of C:N - this tag appears to be a metadata error and should not be relied upon.

RemediationAI

The primary fix is upgrading to a patched kernel version: 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, or 7.0, depending on the stable series in use. Fix commits are available directly in the kernel stable tree at https://git.kernel.org/stable/c/761b45c661af48da6a065868d59ab1e1f64fd9b6 (6.1/6.19), https://git.kernel.org/stable/c/607245c4dbb86d9a10dd8388da0fb82170a99b61 (6.18), https://git.kernel.org/stable/c/6b419700e459fbf707ca1543b7c1b57a60fedb73 (6.12), https://git.kernel.org/stable/c/88a8f56e6276f616baad4274c6b8e4683e26e520 (6.6), and additional backports at /6d52a4a0520a6696bdde51caa11f2d6821cd0c01 and /f08ffa3e1c8e36b6131f69c5eb23700c28cbd262. For systems where patching is not immediately possible, a practical compensating control is to unload or blacklist the nfnetlink_log kernel module (modprobe -r nfnetlink_log) if packet logging to userspace is not operationally required - note this disables all NFLOG-based logging (e.g., iptables/nftables LOG targets that use NFLOG) which may affect security tooling or audit pipelines. Restricting untrusted local users from interacting with netfilter subsystems via Linux Security Modules (SELinux/AppArmor network policies) reduces exposure but does not eliminate it for privileged local accounts.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Server 12 SP5-LTSS Affected
SUSE Linux Enterprise Server 12 SP5-LTSS Affected
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Affected
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed

Share

EUVD-2026-21937 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy