CVE-2026-31414 | Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11 nf_conntrack_expect /proc nfct_help privilege escalation

VDB-357146 · CVE-2026-31414 · GCVE-0-2026-31414 LINUX KERNEL UP TO 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11 NF_CONNTRACK_EXPECT /PROC NFCT_HELP PRIVILEGE ESCALATION HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.3 $0-$5k 2.44+ Summaryinfo A vulnerability was found in Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11. It has been declared as critical. This impacts the function nfct_help of the file /proc of the component nf_conntrack_expect. Such manipulation leads to an unknown weakness. This vulnerability is documented as CVE-2026-31414. There is not any exploit available. It is recommended to upgrade the affected component. Detailsinfo A vulnerability was found in Linux Kernel up to 6.1.167/6.6.133/6.12.80/6.18.21/6.19.11. It has been rated as critical. Affected by this issue is the function nfct_help of the file /proc of the component nf_conntrack_expect. The impact remains unknown. CVE summarizes: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: use expect->helper Use expect->helper in ctnetlink and /proc to dump the helper name. Using nfct_help() without holding a reference to the master conntrack is unsafe. Use exp->master->helper in ctnetlink path if userspace does not provide an explicit helper when creating an expectation to retain the existing behaviour. The ctnetlink expectation path holds the reference on the master conntrack and nf_conntrack_expect lock and the nfnetlink glue path refers to the master ct that is attached to the skb. The advisory is available at git.kernel.org. This vulnerability is handled as CVE-2026-31414 since 03/09/2026. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 04/13/2026). Upgrading to version 6.1.168, 6.6.134, 6.12.81, 6.18.22 or 6.19.12 eliminates this vulnerability. Applying the patch 847cb7fe26c5ce5dce0d1a41fac1ea488b7f1781/e7ccaa0a62a8ff2be5d521299ce79390c318d306/4bd1b3d839172724b33d8d02c5a4ff6a1c775417/b53294bff19e56ada2f230ceb8b1ffde61cc3817/3dfd3f7712b5a800f2ba632179e9b738076a51f0/f01794106042ee27e54af6fdf5b319a2fe3df94d is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. Productinfo Type Operating System Vendor Linux Name Kernel Version 6.1.167 6.6.133 6.12.0 6.12.1 6.12.2 6.12.3 6.12.4 6.12.5 6.12.6 6.12.7 6.12.8 6.12.9 6.12.10 6.12.11 6.12.12 6.12.13 6.12.14 6.12.15 6.12.16 6.12.17 6.12.18 6.12.19 6.12.20 6.12.21 6.12.22 6.12.23 6.12.24 6.12.25 6.12.26 6.12.27 6.12.28 6.12.29 6.12.30 6.12.31 6.12.32 6.12.33 6.12.34 6.12.35 6.12.36 6.12.37 6.12.38 6.12.39 6.12.40 6.12.41 6.12.42 6.12.43 6.12.44 6.12.45 6.12.46 6.12.47 6.12.48 6.12.49 6.12.50 6.12.51 6.12.52 6.12.53 6.12.54 6.12.55 6.12.56 6.12.57 6.12.58 6.12.59 6.12.60 6.12.61 6.12.62 6.12.63 6.12.64 6.12.65 6.12.66 6.12.67 6.12.68 6.12.69 6.12.70 6.12.71 6.12.72 6.12.73 6.12.74 6.12.75 6.12.76 6.12.77 6.12.78 6.12.79 6.12.80 6.18.0 6.18.1 6.18.2 6.18.3 6.18.4 6.18.5 6.18.6 6.18.7 6.18.8 6.18.9 6.18.10 6.18.11 6.18.12 6.18.13 6.18.14 6.18.15 6.18.16 6.18.17 6.18.18 6.18.19 6.18.20 6.18.21 6.19.0 6.19.1 6.19.2 6.19.3 6.19.4 6.19.5 6.19.6 6.19.7 6.19.8 6.19.9 6.19.10 6.19.11 License open-source Website Vendor: https://www.kernel.org/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.5 VulDB Meta Temp Score: 5.3 VulDB Base Score: 5.5 VulDB Temp Score: 5.3 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Privilege escalation CWE: Unknown CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Kernel 6.1.168/6.6.134/6.12.81/6.18.22/6.19.12 Patch: 847cb7fe26c5ce5dce0d1a41fac1ea488b7f1781/e7ccaa0a62a8ff2be5d521299ce79390c318d306/4bd1b3d839172724b33d8d02c5a4ff6a1c775417/b53294bff19e56ada2f230ceb8b1ffde61cc3817/3dfd3f7712b5a800f2ba632179e9b738076a51f0/f01794106042ee27e54af6fdf5b319a2fe3df94d Timelineinfo 03/09/2026 CVE reserved 04/13/2026 +34 days Advisory disclosed 04/13/2026 +0 days VulDB entry created 04/13/2026 +0 days VulDB entry last update Sourcesinfo Vendor: kernel.org Advisory: git.kernel.org Status: Confirmed CVE: CVE-2026-31414 (🔒) GCVE (CVE): GCVE-0-2026-31414 GCVE (VulDB): GCVE-100-357146 Entryinfo Created: 04/13/2026 16:03 Changes: 04/13/2026 16:03 (59) Complete: 🔍 Cache ID: 99:7DF:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸