Linux kernel: nf_conntrack_expect skip expectations in other netns via proc
CVE-2026-31496 Published on April 22, 2026
netfilter: nf_conntrack_expect: skip expectations in other netns via proc
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_expect: skip expectations in other netns via proc
Skip expectations that do not reside in this netns.
Similar to e77e6ff502ea ("netfilter: conntrack: do not dump other netns's
conntrack entries via proc").
Products Associated with CVE-2026-31496
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 9b03f38d0487f3908696242286d934c9b38f9d2a and below 2028405ea6987b4448784e439413202cfe19f43f is affected.
- Version 9b03f38d0487f3908696242286d934c9b38f9d2a and below 168145c87444619e3e649322bbe7719ecd00d411 is affected.
- Version 9b03f38d0487f3908696242286d934c9b38f9d2a and below dcfcd95b3ae7683e8ae55c92284b3430ce614bc7 is affected.
- Version 9b03f38d0487f3908696242286d934c9b38f9d2a and below 9ca8c7452493d915f9bbf2f39331e6c583d07a23 is affected.
- Version 9b03f38d0487f3908696242286d934c9b38f9d2a and below 3265ad619987cb551edaf797ed056d80ac450225 is affected.
- Version 9b03f38d0487f3908696242286d934c9b38f9d2a and below 3db5647984de03d9cae0dcddb509b058351f0ee4 is affected.
- Version 2.6.28 is affected.
- Before 2.6.28 is unaffected.
- Version 6.1.168, <= 6.1.* is unaffected.
- Version 6.6.131, <= 6.6.* is unaffected.
- Version 6.12.80, <= 6.12.* is unaffected.
- Version 6.18.21, <= 6.18.* is unaffected.
- Version 6.19.11, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.