Linux kernel netfilter ipset empty bucket deletion bug
CVE-2026-31418 Published on April 13, 2026
netfilter: ipset: drop logically empty buckets in mtype_del
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: drop logically empty buckets in mtype_del
mtype_del() counts empty slots below n->pos in k, but it only drops the
bucket when both n->pos and k are zero. This misses buckets whose live
entries have all been removed while n->pos still points past deleted slots.
Treat a bucket as empty when all positions below n->pos are unused and
release it directly instead of shrinking it further.
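The two emptiness checks described above, side by side, as an added example: this is a simplified user-space model, not the kernel's code and not part of the original advisory. The `struct bucket` layout, the `used` bitmap and the rule that `pos` moves back only when the last slot is freed are assumptions of the model; `bucket_del`, `should_drop` and `run` are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model of one hash bucket; not kernel code. */
struct bucket {
    unsigned int pos;   /* one past the highest slot handed out */
    unsigned long used; /* bit i set: slot i holds a live entry */
};

/* Delete slot i, return k = number of unused slots below pos.
 * Modelling assumption: pos moves back only when the last slot is freed. */
static unsigned int bucket_del(struct bucket *n, unsigned int i)
{
    unsigned int j, k = 0;

    n->used &= ~(1UL << i);
    if (i + 1 == n->pos)
        n->pos--;
    for (j = 0; j < n->pos; j++)
        if (!(n->used & (1UL << j)))
            k++;
    return k;
}

/* Drop decision. Unfixed (per the description): pos and k both zero.
 * Fixed: every position below pos is unused. */
static bool should_drop(const struct bucket *n, unsigned int k, bool fixed)
{
    if (fixed)
        return k == n->pos;
    return n->pos == 0 && k == 0;
}

/* Fill slots 0..2, delete them in order a, b, c, return the drop decision. */
static bool run(unsigned int a, unsigned int b, unsigned int c, bool fixed)
{
    struct bucket n = { .pos = 3, .used = 0x7 };
    unsigned int k;

    bucket_del(&n, a);
    bucket_del(&n, b);
    k = bucket_del(&n, c);
    return fixed ? should_drop(&n, k, fixed) : should_drop(&n, k, false);
}

int main(void)
{
    printf("delete 0,1,2: before=%d after=%d\n",
           run(0, 1, 2, false), run(0, 1, 2, true));
    return 0;
}
```

Deleting from the front (0, 1, 2) leaves `pos` at 2 with `k` at 2, so the unfixed check keeps a bucket with no live entries; deleting from the back (2, 1, 0) walks `pos` down to zero and both checks agree.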
Affected Versions
Linux:
- Version 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 and below c098ff857e7ca923539164af5b3c2fe3e8f8afaf is affected.
- Version 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 and below 58f3a14826d4e6b0d5421f1a64be280b48601ea2 is affected.
- Version 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 and below ad92ee87462f9a3061361d392e9dbfe2e5c1c9fb is affected.
- Version 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 and below 6cea34d7ec6829b62f521a37a287f670144a2233 is affected.
- Version 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 and below b7eef00f08b92b0b9efe8ae0df6d0005e6199323 is affected.
- Version 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 and below 68ca0eea0af02bed36c5e2c13e9fa1647c31a7d4 is affected.
- Version 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 and below ceacaa76f221a6577aba945bb8873c2e640aeba4 is affected.
- Version 8af1c6fbd9239877998c7f5a591cb2c88d41fb66 and below 9862ef9ab0a116c6dca98842aab7de13a252ae02 is affected.
- Version 6c717726f341fd8f39a3ec2dcf5d98d9d28a2769 is affected.
- Version d2997d64dfa65082236bca1efd596b6c935daf5e is affected.
- Version 5.6 is affected.
- Before 5.6 is unaffected.
- Version 5.10.253, <= 5.10.* is unaffected.
- Version 5.15.203, <= 5.15.* is unaffected.
- Version 6.1.168, <= 6.1.* is unaffected.
- Version 6.6.134, <= 6.6.* is unaffected.
- Version 6.12.81, <= 6.12.* is unaffected.
- Version 6.18.22, <= 6.18.* is unaffected.
- Version 6.19.12, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.