Information Leak in Linux Kernel's XFRM User Interface
CVE-2026-31671

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31671?

A vulnerability in the Linux kernel's xfrm_user interface allows uninitialized padding bytes to be exposed in user space. This can lead to unintended information disclosure, which might expose sensitive data. The issue arises from a failure to zero out the padding of the struct xfrm_user_report before copying it to user space, potentially allowing attackers to read data from memory that they should not have access to. A fix has been introduced to ensure the structure is properly zeroed, enhancing the security of the kernel.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 716c546e88cfe49d841658240e10cb57bc50a2cc

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0616314b3b34f24cbb91da8c6bd8bcdc4c8592f9

References

https://git.kernel.org/stable/c/d27c02eec529f78055a46a5c9...

https://git.kernel.org/stable/c/716c546e88cfe49d841658240...

https://git.kernel.org/stable/c/0616314b3b34f24cbb91da8c6...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31671 Data

JSON