Race Condition in Packet Management of Linux Kernel
CVE-2026-31504

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31504?

A race condition exists in the Linux kernel's packet_release() function, where the NETDEV_UP event can incorrectly re-register a socket in the fanout group's array. This leads to a dangling pointer, as the re-registration is not properly cleaned up. As a result, a concurrent packet_notifier could inadvertently link sockets back into the array, causing inconsistencies and potential security implications. The vulnerability has been addressed by ensuring that the socket count is reset correctly while holding the necessary lock, thus eliminating the race condition.

Affected Version(s)

Linux ce06b03e60fc19c680d1bf873e779bf11c2fc518

Linux ce06b03e60fc19c680d1bf873e779bf11c2fc518 < 42cfd7898eeed290c9fb73f732af1f7d6b0a703e

Linux ce06b03e60fc19c680d1bf873e779bf11c2fc518 < 1b4c03f8892d955385c202009af7485364731bb9

References

https://git.kernel.org/stable/c/ee642b1962caa9aa231c01abb...

https://git.kernel.org/stable/c/42cfd7898eeed290c9fb73f73...

https://git.kernel.org/stable/c/1b4c03f8892d955385c202009...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31504 Data

JSON