netfilter: ipset: drop logically empty buckets in mtype_del
mtype_del() counts empty slots below n->pos in k, but it only drops the
bucket when both n->pos and k are zero. This misses buckets whose live
entries have all been removed while n->pos still points past deleted slots.
Treat a bucket as empty when all positions below n->pos are unused and
release it directly instead of shrinking it further.
No vendor fix or workaround currently provided.
| Source | ID | Title |
|---|---|---|
| Debian DLA | DLA-4561-1 | linux-6.1 security update |
| Debian DLA | DLA-4606-1 | linux security update |
| Debian DSA | DSA-6238-1 | linux security update |
| Debian DSA | DSA-6243-1 | linux security update |
| Ubuntu USN | USN-8490-1 | Linux kernel vulnerabilities |
| Ubuntu USN | USN-8491-1 | Linux kernel (OEM) vulnerabilities |
| Ubuntu USN | USN-8492-1 | Linux kernel vulnerabilities |
| Ubuntu USN | USN-8493-1 | Linux kernel vulnerabilities |
| Ubuntu USN | USN-8492-2 | Linux kernel vulnerabilities |
| Ubuntu USN | USN-8493-2 | Linux kernel (Oracle) vulnerabilities |
| Ubuntu USN | USN-8497-1 | Linux kernel (Low Latency) vulnerabilities |
| Ubuntu USN | USN-8498-1 | Linux kernel (NVIDIA Tegra) vulnerabilities |
| Ubuntu USN | USN-8499-1 | Linux kernel (Xilinx) vulnerabilities |
Wed, 20 May 2026 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-399 CWE-401 |
Wed, 20 May 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:o:linux:linux_kernel:5.6:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.6:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.6:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.6:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.6:rc7:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* |
| Metrics | cvssV3_1 |
Sat, 18 Apr 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
Tue, 14 Apr 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-399 CWE-401 |
Tue, 14 Apr 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
Mon, 13 Apr 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del mtype_del() counts empty slots below n->pos in k, but it only drops the bucket when both n->pos and k are zero. This misses buckets whose live entries have all been removed while n->pos still points past deleted slots. Treat a bucket as empty when all positions below n->pos are unused and release it directly instead of shrinking it further. | |
| Title | netfilter: ipset: drop logically empty buckets in mtype_del | |
| First Time appeared | Linux, Linux linux Kernel |
| CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| Vendors & Products | Linux, Linux linux Kernel |
| References |
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2026-05-23T16:04:57.387Z
Reserved: 2026-03-09T15:48:24.087Z
Link: CVE-2026-31418
Status : Analyzed
Published: 2026-04-13T14:16:11.267
Modified: 2026-06-17T10:33:40.713
Link: CVE-2026-31418
OpenCVE Enrichment
Updated: 2026-05-20T23:30:41Z