Linux Kernel Vulnerability in IPv6 Flow Label Management
CVE-2026-31680

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 25 April 2026

What is CVE-2026-31680?

A vulnerability in the Linux kernel's management of IPv6 flow labels allows freed memory to be accessed through a race condition. While flow labels are being read through the /proc/net/ip6_flowlabel interface, a concurrent reader may attempt to access memory that has already been freed, which can lead to crashes. The race arises because exclusive flowlabels are freed prematurely, before proper garbage collection occurs, while readers can still reach them. The fix keeps the memory for option state allocated until it is no longer accessible, aligning its lifecycle with that of the enclosing flowlabel.

Affected Version(s)

Linux d3aedd5ebd4b0b925b0bcda548066803e1318499 < 4b6798024f7b2d535f3db1002c760143cdbd1bd3

Linux d3aedd5ebd4b0b925b0bcda548066803e1318499 < 3c54b66c83fb8fcbde8e6a7bf90b65856e39f827

Linux d3aedd5ebd4b0b925b0bcda548066803e1318499 < 5a6b15f861b7c1304949e3350d23490a5fe429fd


Timeline

  • Vulnerability published

  • Vulnerability Reserved
