{"id":2227985,"url":"http://patchwork.ozlabs.org/api/covers/2227985/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/cover/20260424164150.3658854-1-tim.whisonant@canonical.com/","project":{"id":15,"url":"http://patchwork.ozlabs.org/api/projects/15/?format=json","name":"Ubuntu Kernel","link_name":"ubuntu-kernel","list_id":"kernel-team.lists.ubuntu.com","list_email":"kernel-team@lists.ubuntu.com","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260424164150.3658854-1-tim.whisonant@canonical.com>","list_archive_url":null,"date":"2026-04-24T16:41:46","name":"[SRU,J/N/Q,0/1] CVE-2026-31418","submitter":{"id":89903,"url":"http://patchwork.ozlabs.org/api/people/89903/?format=json","name":"Tim Whisonant","email":"tim.whisonant@canonical.com"},"mbox":"http://patchwork.ozlabs.org/project/ubuntu-kernel/cover/20260424164150.3658854-1-tim.whisonant@canonical.com/mbox/","series":[{"id":501394,"url":"http://patchwork.ozlabs.org/api/series/501394/?format=json","web_url":"http://patchwork.ozlabs.org/project/ubuntu-kernel/list/?series=501394","date":"2026-04-24T16:41:46","name":"CVE-2026-31418","version":1,"mbox":"http://patchwork.ozlabs.org/series/501394/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/covers/2227985/comments/","headers":{"Return-Path":"<kernel-team-bounces@lists.ubuntu.com>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=lNxi0J/P;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"],"Received":["from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g2Jdw0xdsz1yHv\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 25 Apr 2026 02:42:11 +1000 (AEST)","from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wGJbM-0000cC-GW; Fri, 24 Apr 2026 16:42:00 +0000","from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <tim.whisonant@canonical.com>)\n id 1wGJbK-0000c2-NN\n for kernel-team@lists.ubuntu.com; Fri, 24 Apr 2026 16:41:58 +0000","from mail-oi1-f200.google.com (mail-oi1-f200.google.com\n [209.85.167.200])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 9B4023FEBE\n for <kernel-team@lists.ubuntu.com>; Fri, 24 Apr 2026 16:41:58 +0000 (UTC)","by mail-oi1-f200.google.com with SMTP id\n 5614622812f47-479d602f323so10514214b6e.1\n for <kernel-team@lists.ubuntu.com>; Fri, 24 Apr 2026 09:41:58 -0700 (PDT)","from localhost (104-6-108-11.lightspeed.frokca.sbcglobal.net.\n [104.6.108.11]) by smtp.gmail.com with ESMTPSA id\n 46e09a7af769-7dcc892c515sm13154693a34.21.2026.04.24.09.41.55\n for <kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 24 Apr 2026 09:41:55 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1777048918;\n bh=NmypdvW+uAcEC46aZE2MzFCc/ABDdi4T+2Dqm2//ZUQ=;\n h=From:To:Subject:Date:Message-ID:MIME-Version;\n b=lNxi0J/PbvC9WaquNO6aQ2xU7BU6UV/r6/JWyhB01gyn1e46fEbbu+GRNNr3LaPKG\n YEepeLkd/Ng3vJ/28FOvO0SijISyUNBsTA1Vrg4wINacB7MJmSmxjXaSsggEh9ENZk\n BJwDJYvJPp5tiDwJuxdTQm50RgUW9KDumB3IMTU0X+EV3mWHO5lZA9DlB1snPMipCw\n aqvLVuShqhIhdKKkwYlyUPd1orN0LvO7JIH3J9ZNGfGRVztxq3y1hBTvTl+qY/AYUM\n 7Qw3qXMALxAWbFuqxwXfN3q6UYa7Xnr+NRo/mhyUgxh0HW/c2gq3WTYjhoPE5/XDdx\n yqD+kDuevAfYzDxqT6NxLrWWmaT8EnXUEKH/p2r9usO1oQLwAauEQRbulLp8E4Cn1x\n bL0KhB2+QxvbS2ogyVYPvRKWtX04KM5esHZeM6PTWRceElFC9gZ52NlWZIF8NyQCLt\n lEjk9JorwQCnbVIF/4V/9TqtSSWM0hiryGiwzPE5FAsPO4mPmjP+Km7KODAwJlKI28\n UHMmLn4YzrQ/DO4JGS7nGpY6hk1vU3atF/ppBlWYLWdnuMPr9Mt6bepGtv8C7x9pbv\n na8onw0dP1+eMxwybBcW3KkFKF7XChfyQR3pXverc8nkmpH3DXF5G6i1qDQFUpQdF1\n opN55DA/h3K5tEfHMgTuZ7cQ=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777048916; x=1777653716;\n h=content-transfer-encoding:mime-version:message-id:date:subject:to\n :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=NmypdvW+uAcEC46aZE2MzFCc/ABDdi4T+2Dqm2//ZUQ=;\n b=XxyaGVc0ZXnm5PmAJg9gOuN9a/TSIjOYRDJhOYYiRnnsqVv5blMKB93ihFh+Kk36bR\n BnRTyFXspff9crCuvBMQTs/jS8KMxigM5v+iEyw3AhHe925w6XIr0+qwRxtWB6GTvYry\n WivL46V1J1KLSxBfkhm5KsiLpFpUBkCUn8Ng9KEi9Z2rSYOPp1WCSs6CQy3UDhblaxt+\n SCJyQhzFBmSfRuSsmO3vIxbWK35m1MFcpW5ztD2oOqK1XYfc8iiEfpsFmu7faJ8euIMA\n Oz1bAocboVAtUnma1M0oSf5pNQqnkKrZchA3OyOUG5haPlh6uIWpcRt8Y/FAMbD15PvV\n Hi1A==","X-Gm-Message-State":"AOJu0Yw9jFWNVY9kLfNSe14lWN6yyY2tbZ3vfE+whjpSZ3ZEnPLjWXc0\n qEjKpV2MVv/RHCIvU+eVtoxhIJFNJVStnK+E5xgaezqbwxYKOnFqOnJN6gt2vnNd9bCwO+3mlsI\n Ab1PrNIzAggovkpBZ8xD70BvffyLT0DwNuaZYjymycCVl1ZrEg9sXltaonqBzcqKzyHW5jNeBYj\n gZnscPr27Hj2hIqA==","X-Gm-Gg":"AeBDievM8lW03zJYAL1Kdz5v7kAWwjJ9r2PeDJg9EKXdoitvkyUmLiBjrGrH2FjwMCv\n wvOiC76b3dv3uSdGEjxtAVLHwr7/kVW3y3RPI087zidfsSdRiUilLSeQmkWyBt+P3iG8/MmEjSD\n TsGsnQbzcRR/Ogtv0QdyMyhLJo4P2iQha8Tm1SQnqfUJIOIueYAFOadc1vun1fKP45QhNucbXv0\n qmAG12DDghCPE9hSroNcjMM/UVPfnyuo1VqJglqclmrcTbttsVXyuYmjxp6U3TL7EjyEb/46jL8\n SJrvVtba07hzVcigWirFYaZ3eumz1fzlPxBGqh5o788MqqMdlhQ3qIqjaG4P+xOeo+UsHws1Co7\n Ss8c98Bqw5mXMDI/5Ge7u8SnJjp6rGt/9Zry17j+R3o+TGTdEL68NhQEAxtc5buxN2Nfx95oNjN\n LI+YR2O9Un81ka","X-Received":["by 2002:a05:6808:250f:b0:464:74e1:45a0 with SMTP id\n 5614622812f47-4799ca2360cmr15784188b6e.36.1777048916675;\n Fri, 24 Apr 2026 09:41:56 -0700 (PDT)","by 2002:a05:6808:250f:b0:464:74e1:45a0 with SMTP id\n 5614622812f47-4799ca2360cmr15784174b6e.36.1777048916172;\n Fri, 24 Apr 2026 09:41:56 -0700 (PDT)"],"From":"Tim Whisonant <tim.whisonant@canonical.com>","To":"kernel-team@lists.ubuntu.com","Subject":"[SRU][J/N/Q][PATCH 0/1] CVE-2026-31418","Date":"Fri, 24 Apr 2026 09:41:46 -0700","Message-ID":"<20260424164150.3658854-1-tim.whisonant@canonical.com>","X-Mailer":"git-send-email 2.43.0","MIME-Version":"1.0","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions <kernel-team.lists.ubuntu.com>","List-Unsubscribe":"<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>","List-Archive":"<https://lists.ubuntu.com/archives/kernel-team>","List-Post":"<mailto:kernel-team@lists.ubuntu.com>","List-Help":"<mailto:kernel-team-request@lists.ubuntu.com?subject=help>","List-Subscribe":"<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"},"content":"SRU Justification:\n\n[Impact]\n\nnetfilter: ipset: drop logically empty buckets in mtype_del\n\nmtype_del() counts empty slots below n->pos in k, but it only drops the\nbucket when both n->pos and k are zero. This misses buckets whose live\nentries have all been removed while n->pos still points past deleted slots.\n\nTreat a bucket as empty when all positions below n->pos are unused and\nrelease it directly instead of shrinking it further.\n\n[Fix]\n\nQuesting: applied Jammy patch\nNoble:    applied Jammy patch\nJammy:    cherry picked from upstream\nFocal:    patch sent to forgejo\nBionic:   not affected\nXenial:   not affected\nTrusty:   not affected\n\n[Test Plan]\n\nCompile and boot tested.\n\n[Where problems could occur]\n\nThe change affects the routine responsible for managing ipset\nhash table element removals. Issues might manifest as\nprematurely- or non-freed hash table elements.\n\nYifan Wu (1):\n  netfilter: ipset: drop logically empty buckets in mtype_del\n\n net/netfilter/ipset/ip_set_hash_gen.h | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)"}