CVE-2026-31427

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nf_conntrack_sip module. This vulnerability occurs in the process_sdp function when the rtp_addr variable is used without proper initialization if the Session Description Protocol (SDP) body lacks recognized media types or active media sections. A remote attacker could potentially exploit this by sending specially crafted SDP messages, leading to the rewriting of session-level owner and connection addresses with uninitialized or stale stack values. This could result in information disclosure or unexpected network behavior, potentially causing a denial of service.