CVE-2026-31496
Description
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_expect: skip expectations in other netns via proc
Skip expectations that do not reside in this netns.
Similar to e77e6ff502ea ("netfilter: conntrack: do not dump other netns's conntrack entries via proc").
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Linux kernel netfilter vulnerability where /proc could leak conntrack expectations from network namespaces other than the current one.
Overview
CVE-2026-31496 is a medium-severity information disclosure vulnerability in the Linux kernel's netfilter subsystem. The bug resides in the way the nf_conntrack_expect module handles expectations when accessed via the /proc filesystem. Prior to the fix, the code did not check whether a conntrack expectation belonged to the current network namespace before displaying it, potentially leaking expectations from other network namespaces [1][2].
Exploitation
An attacker with the ability to read the /proc/net/nf_conntrack_expect file in a given namespace could have observed conntrack expectations that were created in a different namespace on the same host. No special privileges beyond read access to that proc file are required, as the namespace boundary was not enforced [3]. This is similar in nature to the earlier bug CVE-2016-1574 (conntrack entries leak via proc), which was fixed by commit e77e6ff502ea [1].
Impact
By reading leaked expectations, an attacker could infer the existence of specific connections or the use of helper modules (like FTP or SIP) in other namespaces. While the information itself may be low-value in isolation, it could aid in further attacks by revealing network topology or service usage across namespaces.
Mitigation
The fix was introduced in the Linux kernel via commit 2028405ea698 (and the corresponding stable backport commits) [1][2][3][4]. Users are advised to update their kernels to include the patch. No workaround is known; restricting read access to /proc/net/nf_conntrack_expect for unprivileged users is a potential hardening measure.
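As an added illustration, not the kernel's own code, the following user-space model shows the missing check and the fix: one global expectation table is read through a per-namespace seq_file, and the show routine appears in its leaky form beside the form that skips entries whose netns differs from the reader's, the pattern the commit applies. The struct layouts, the table contents, `visible_entries` and the netns ids are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: expectations live in one global table, while each
 * reader of /proc/net/nf_conntrack_expect belongs to a network namespace. */
struct net { int id; };                      /* stands in for struct net */
struct nf_conntrack_expect {                 /* only the fields the model needs */
    const struct net *net;                   /* nf_ct_exp_net(exp) */
    const char *helper;                      /* helper that created it, e.g. ftp */
};
struct seq_file { const struct net *net; };  /* seq_file_net(s): the reader's netns */

static const struct net init_net = { 1 }, container_net = { 2 };

/* Constructed global expectation table shared by every namespace. */
static const struct nf_conntrack_expect expect_table[] = {
    { &init_net,      "ftp" },
    { &container_net, "sip" },
    { &container_net, "ftp" },
};
#define EXPECT_COUNT (sizeof expect_table / sizeof expect_table[0])

/* Vulnerable behaviour: every table entry is printed, whatever its netns. */
static int exp_seq_show_vulnerable(struct seq_file *s,
                                   const struct nf_conntrack_expect *exp)
{
    (void)s;                                 /* reader's netns is never consulted */
    printf("%s expectation (netns %d)\n", exp->helper, exp->net->id);
    return 1;
}

/* Fixed behaviour: an entry from another netns prints nothing (returns 0),
 * mirroring the net_eq() test the commit adds to the expectation iterator. */
static int exp_seq_show_fixed(struct seq_file *s,
                              const struct nf_conntrack_expect *exp)
{
    if (exp->net != s->net)                  /* !net_eq(nf_ct_exp_net(exp), seq_file_net(s)) */
        return 0;
    printf("%s expectation (netns %d)\n", exp->helper, exp->net->id);
    return 1;
}

/* Count the entries a reader inside `net` would see with a given show routine. */
static size_t visible_entries(const struct net *net,
                              int (*show)(struct seq_file *, const struct nf_conntrack_expect *))
{
    struct seq_file s = { net };
    size_t shown = 0;
    for (size_t i = 0; i < EXPECT_COUNT; i++)
        shown += (size_t)show(&s, &expect_table[i]);
    return shown;
}
```

With the leaky routine a reader in either namespace sees all three entries; with the fixed one, init_net sees only its own FTP expectation and the container namespace sees its two.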
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=2.6.28.1, <6.1.168)
- cpe:2.3:o:linux:linux_kernel:2.6.28:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- git.kernel.org/stable/c/168145c87444619e3e649322bbe7719ecd00d411 (NVD: Patch)
- git.kernel.org/stable/c/2028405ea6987b4448784e439413202cfe19f43f (NVD: Patch)
- git.kernel.org/stable/c/3265ad619987cb551edaf797ed056d80ac450225 (NVD: Patch)
- git.kernel.org/stable/c/3db5647984de03d9cae0dcddb509b058351f0ee4 (NVD: Patch)
- git.kernel.org/stable/c/9ca8c7452493d915f9bbf2f39331e6c583d07a23 (NVD: Patch)
- git.kernel.org/stable/c/dcfcd95b3ae7683e8ae55c92284b3430ce614bc7 (NVD: Patch)
News mentions
No linked articles in our index yet.