Race Condition in Linux Kernel Affecting Network Operations
CVE-2026-31406

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 April 2026

What is CVE-2026-31406?

A race condition exists in the Linux kernel that can lead to unintended behavior in network operations. Specifically, during the cleanup of network resources, the improper scheduling of delayed work associated with NAT keepalive can occur. When the cleanup sequence is interrupted, it may result in a scenario where freed memory is accessed, potentially compromising system stability. The issue has been addressed by replacing cancel_delayed_work_sync() with disable_delayed_work_sync(), ensuring that delayed execution does not occur after resources have been released.

Affected Version(s)

Linux f531d13bdfe3f4f084aaa8acae2cb0f02295f5ae < 32d0f44c2f14d60fe8e920e69a28c11051543ec1

Linux f531d13bdfe3f4f084aaa8acae2cb0f02295f5ae < 2255ed6adbc3100d2c4a83abd9d0396d04b87792

Linux f531d13bdfe3f4f084aaa8acae2cb0f02295f5ae < 21f2fc49ca6faa393c31da33b8a4e6c41fc84c13

References

https://git.kernel.org/stable/c/32d0f44c2f14d60fe8e920e69...

https://git.kernel.org/stable/c/2255ed6adbc3100d2c4a83abd...

https://git.kernel.org/stable/c/21f2fc49ca6faa393c31da33b...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31406 Data

JSON