PatchSiren cyber security CVE debrief

CVE-2026-31418 Linux CVE debrief

CVE-2026-31418 is a Linux kernel netfilter/ipset issue in mtype_del() where logically empty buckets were not always released. NVD rates the issue medium severity with a local attack vector and high availability impact. Official kernel stable patches are available for the affected branches.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-13
Original CVE updated: 2026-05-20
Advisory published: 2026-04-13
Advisory updated: 2026-05-20

Who should care

Linux kernel maintainers, distro security teams, and administrators of systems running affected kernel versions should care, especially in multi-user environments where local access is available and kernel netfilter/ipset functionality is in use.

Technical summary

The published description says mtype_del() counted, in k, the number of empty slots below n->pos, but only dropped the bucket when both n->pos and k were zero. That condition misses buckets whose live entries had all been removed while n->pos still pointed past the deleted slots, so such buckets were never released. The fix is to treat a bucket as empty when every position below n->pos is unused and to release it directly instead of shrinking it further. NVD assigns CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and no specific CWE beyond NVD-CWE-noinfo.
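To make the release condition concrete, the following is an added, simplified model of one hash bucket and of the two conditions the description contrasts. It is not the kernel's ipset code: the struct, slot count, and function names are assumptions chosen for illustration, and only the "all slots below n->pos are unused" logic is taken from the advisory text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model (not the kernel's code) of one ipset hash bucket.
 * pos models n->pos: one past the highest slot that was ever filled.
 * used[i] is true while slot i still holds a live element. */
#define BUCKET_SLOTS 8

struct bucket {
    int pos;
    bool used[BUCKET_SLOTS];
};

/* k as the advisory describes it: the number of unused slots below n->pos. */
static int count_empty_below_pos(const struct bucket *n)
{
    int k = 0;
    for (int i = 0; i < n->pos; i++)
        if (!n->used[i])
            k++;
    return k;
}

/* Pre-fix condition: the bucket is only dropped when both n->pos and k
 * are zero. A bucket whose entries were all deleted but whose pos still
 * points past the dead slots is never released. */
bool old_should_release(const struct bucket *n)
{
    int k = count_empty_below_pos(n);
    return n->pos == 0 && k == 0;
}

/* Fixed condition: every position below n->pos is unused, i.e. k == pos,
 * so the bucket is logically empty and is released directly. */
bool fixed_should_release(const struct bucket *n)
{
    int k = count_empty_below_pos(n);
    return k == n->pos;
}

/* Constructed scenario: three entries were added (pos == 3), then all three
 * were deleted, leaving pos pointing past slots that are now unused. */
struct bucket make_stale_bucket(void)
{
    struct bucket n = { .pos = 3 };
    for (int i = 0; i < BUCKET_SLOTS; i++)
        n.used[i] = false;
    return n;
}

int main(void)
{
    struct bucket n = make_stale_bucket();
    printf("stale bucket: old condition releases=%d, fixed condition releases=%d\n",
           old_should_release(&n), fixed_should_release(&n));
    return 0;
}
```

The stale bucket is the case the description calls out: the old condition keeps it allocated because n->pos is 3, while the fixed condition recognises that k equals n->pos and releases it. A bucket that still holds a live entry is left alone by both conditions.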

Defensive priority

Medium; prioritize patching promptly on kernels in the affected ranges because the issue is locally reachable and can materially affect availability.

Recommended defensive actions

  • Apply the relevant Linux kernel stable patch for your release branch from the official kernel.org references.
  • Upgrade to a kernel version outside the affected ranges listed by NVD for your branch.
  • If immediate upgrading is not possible, restrict local access to affected systems and minimize exposure of ipset/netfilter management paths.
  • Track downstream vendor advisories for backported fixes if you run a distribution kernel.
  • Verify whether your fleet includes affected kernel versions across 5.x, 6.x, or 7.0 release candidates listed by NVD.
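For the last action, checking a kernel release string against the NVD ranges listed under Evidence notes can be done with a small program. The following is an added example, not PatchSiren's or the kernel project's code: the range table is taken from the ranges given on this page, the parser accepts a `uname -r` style string, and the release-candidate entries NVD lists for 5.6 and 7.0 are deliberately not modelled because their exact identifiers are not on the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct kver { int major, minor, patch; };

/* Half-open range [lo, hi): "5.4.24 before 5.5" becomes {5.4.24, 5.5.0}. */
struct krange { struct kver lo, hi; };

/* Affected ranges exactly as this advisory quotes them from NVD. */
static const struct krange affected[] = {
    { {5, 4, 24}, {5, 5, 0} },
    { {5, 5, 8},  {5, 6, 0} },
    { {5, 6, 1},  {5, 10, 253} },
    { {5, 11, 0}, {5, 15, 203} },
    { {5, 16, 0}, {6, 1, 168} },
    { {6, 2, 0},  {6, 6, 134} },
    { {6, 7, 0},  {6, 12, 81} },
    { {6, 13, 0}, {6, 18, 22} },
    { {6, 19, 0}, {6, 19, 12} },
};

static int kver_cmp(struct kver a, struct kver b)
{
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

/* Parse "6.1.167", "5.15.0-generic" or "6.6" (patch defaults to 0).
 * Anything after the numeric prefix, such as a distro suffix, is ignored.
 * Returns false when not even major.minor could be read. */
bool parse_kver(const char *s, struct kver *out)
{
    out->major = out->minor = out->patch = 0;
    int n = sscanf(s, "%d.%d.%d", &out->major, &out->minor, &out->patch);
    return n >= 2;
}

/* True when the release falls inside any listed NVD range. */
bool is_affected(const char *release)
{
    struct kver v;
    if (!parse_kver(release, &v))
        return false;
    for (size_t i = 0; i < sizeof affected / sizeof affected[0]; i++)
        if (kver_cmp(v, affected[i].lo) >= 0 && kver_cmp(v, affected[i].hi) < 0)
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample release strings; replace with `uname -r` output. */
    const char *samples[] = { "6.1.167-generic", "6.1.168", "5.15.0-101-generic", "6.19.12" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i], is_affected(samples[i]) ? "in affected range" : "outside ranges");
    return 0;
}
```

A version match only shows that the upstream number falls in a listed range; distribution kernels often carry backported fixes under an older version string, so treat a hit as a prompt to check the vendor advisory rather than as proof of exposure.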

Evidence notes

CVE publishedAt is 2026-04-13T14:16:11.267Z and modifiedAt is 2026-05-20T19:32:14.053Z. The source description identifies the bug in netfilter: ipset and the mtype_del() cleanup path. NVD lists affected Linux kernel ranges including 5.4.24 before 5.5, 5.5.8 before 5.6, 5.6.1 before 5.10.253, 5.11 before 5.15.203, 5.16 before 6.1.168, 6.2 before 6.6.134, 6.7 before 6.12.81, 6.13 before 6.18.22, and 6.19 before 6.19.12, plus specific 5.6 and 7.0 release candidate entries. NVD vulnerability status is Analyzed and the references include official kernel.org stable patch links.

Official resources

Publicly disclosed in the CVE record on 2026-04-13 and last modified in NVD on 2026-05-20 after official patch references were added.