CVE-2026-31496 PUBLISHED

netfilter: nf_conntrack_expect: skip expectations in other netns via proc

Assigner: Linux
Reserved: 09.03.2026
Published: 22.04.2026
Updated: 22.04.2026

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_conntrack_expect: skip expectations in other netns via proc

Skip expectations that do not reside in this netns.

Similar to e77e6ff502ea ("netfilter: conntrack: do not dump other netns's conntrack entries via proc").

Product Status

Vendor: Linux
Product: Linux
Versions (default: unaffected):
  • affected from 9b03f38d0487f3908696242286d934c9b38f9d2a to 2028405ea6987b4448784e439413202cfe19f43f (excl.)
  • affected from 9b03f38d0487f3908696242286d934c9b38f9d2a to 168145c87444619e3e649322bbe7719ecd00d411 (excl.)
  • affected from 9b03f38d0487f3908696242286d934c9b38f9d2a to dcfcd95b3ae7683e8ae55c92284b3430ce614bc7 (excl.)
  • affected from 9b03f38d0487f3908696242286d934c9b38f9d2a to 9ca8c7452493d915f9bbf2f39331e6c583d07a23 (excl.)
  • affected from 9b03f38d0487f3908696242286d934c9b38f9d2a to 3265ad619987cb551edaf797ed056d80ac450225 (excl.)
  • affected from 9b03f38d0487f3908696242286d934c9b38f9d2a to 3db5647984de03d9cae0dcddb509b058351f0ee4 (excl.)

Vendor: Linux
Product: Linux
Versions (default: affected):
  • Version 2.6.28 is affected
  • unaffected from 0 to 2.6.28 (excl.)
  • unaffected from 6.1.168 to 6.1.* (incl.)
  • unaffected from 6.6.131 to 6.6.* (incl.)
  • unaffected from 6.12.80 to 6.12.* (incl.)
  • unaffected from 6.18.21 to 6.18.* (incl.)
  • unaffected from 6.19.11 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References