Memory Management Vulnerability in Linux Kernel Affecting skb Heads
CVE-2026-31429
What is CVE-2026-31429?
In the Linux kernel, a notable vulnerability related to memory management has been identified within the skb (socket buffer) heads concerning allocation and deallocation. The flaw arises when KFENCE is activated, leading to misclassification during the free path of allocated memory objects. Specifically, the mismatch occurs when the size of allocated skb head data inadvertently aligns with the SKB_SMALL_HEAD_CACHE_SIZE. This condition disrupts the intended allocation route, resulting in an erroneous cross-cache free operation, which can compromise the stability and security of the kernel's memory handling processes. A fix has been implemented to ensure that all skb head frees revert to a generic path, mitigating the risks associated with the incorrect slab cache type.
Affected Version(s)
Linux bf9f1baa279f0758dc2297080360c5a616843927 < 60313768a8edc7094435975587c00c2d7b834083
Linux bf9f1baa279f0758dc2297080360c5a616843927 < 2d64618ea846d8d033477311f805ca487d6a6696
Linux bf9f1baa279f0758dc2297080360c5a616843927 < 474e00b935db250cac320d10c1d3cf4e44b46721