UDP Socket Binding Vulnerability in Linux Kernel
CVE-2026-31503

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31503?

A vulnerability has been identified in the Linux kernel that affects the UDP socket binding mechanism. The issue occurs when binding a UDP socket to a local address and port, where the system utilizes two separate hash tables for detecting address conflicts. If the number of bound sockets exceeds a threshold, the conflict detection mechanism may fail, allowing unintended bindings to occur. This can enable attackers to exploit the socket binding process, potentially leading to conflicts and unauthorized access. The flaw impacts both IPv4 and IPv6 addresses and highlights the importance of maintaining proper conflict resolution methods in network programming.

Affected Version(s)

Linux 30fff9231fad757c061285e347b33c5149c2c2e4

Linux 30fff9231fad757c061285e347b33c5149c2c2e4 < 2297e38114316b26ae02f2d205c49b5511c5ed55

Linux 30fff9231fad757c061285e347b33c5149c2c2e4

References

https://git.kernel.org/stable/c/d6ace0dbcbb7fd285738bb87b...

https://git.kernel.org/stable/c/2297e38114316b26ae02f2d20...

https://git.kernel.org/stable/c/f1bed05a832ae79be5f7a105d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31503 Data

JSON