Type Confusion Vulnerability in Linux Kernel Affecting Network Device Drivers
CVE-2026-31502

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31502?

A type confusion vulnerability in the Linux kernel can lead to crashes in network device drivers. It occurs when the team device incorrectly interprets its own net_device as that of a lower device, leading to potential system instability. This issue arises from the way header_ops are handled, which may improperly call the wrong device context during network operations, particularly in stacked non-Ethernet topologies. The root cause has been identified, and the solution involves implementing correct header_ops wrappers to ensure each callback retrieves the appropriate device context.

Affected Version(s)

Linux 1d76efe1577b4323609b1bcbfafa8b731eda071a < 6d3161fa3eee64d46b766fb0db33ec7f300ef52d

Linux 1d76efe1577b4323609b1bcbfafa8b731eda071a < 0a7468ed49a6b65d34abcc6eb60e15f7f6d34da0

Linux 1d76efe1577b4323609b1bcbfafa8b731eda071a < 20491d384d973a63fbdaf7a71e38d69b0659ea55

References

https://git.kernel.org/stable/c/6d3161fa3eee64d46b766fb0d...

https://git.kernel.org/stable/c/0a7468ed49a6b65d34abcc6eb...

https://git.kernel.org/stable/c/20491d384d973a63fbdaf7a71...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31502 Data

JSON