Linux Kernel Vulnerability Affecting espintcp and Async Crypto Functionality
CVE-2026-31518

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-31518?

A memory leak vulnerability exists in the Linux kernel's espintcp module, which mishandles packet memory management when the transmission (TX) queue is full. Specifically, when the esp_output_tail_tcp function encounters an error, it fails to free the socket buffer (skb) due to improper synchronization in the crypto handling process. The error response mechanism does not adequately drop the skb when using asynchronous crypto operations, which can lead to memory being unnecessarily allocated and not released. This could potentially exhaust system resources or lead to degraded performance over time.

Affected Version(s)

Linux e27cca96cd68fa2c6814c90f9a1cfd36bb68c593

Linux e27cca96cd68fa2c6814c90f9a1cfd36bb68c593 < 41aafca57de4a4c026701622bd4648f112a9edcd

Linux e27cca96cd68fa2c6814c90f9a1cfd36bb68c593 < 4820847e036ff1035b01b69ad68dfc17e7028fe9

References

https://git.kernel.org/stable/c/aca3ad0c262f54a5b5c95dda8...

https://git.kernel.org/stable/c/41aafca57de4a4c026701622b...

https://git.kernel.org/stable/c/4820847e036ff1035b01b69ad...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31518 Data

JSON