TOCTOU Race Condition in Linux Kernel Networking Component
CVE-2026-31700
What is CVE-2026-31700?
A vulnerability exists in the Linux kernel's networking code where a time-of-check to time-of-use (TOCTOU) race condition can be exploited. Specifically, when the PACKET_VNET_HDR feature is enabled, a vulnerability allows a malicious userspace thread to modify header fields in the vnet_hdr that the kernel is validating. This occurs between the initial validation of the header and its use in subsequent processing, which could allow for safety checks to be bypassed. The issue is tied to the mmap'd transmission ring buffers shared between the kernel and userspace, enabling potential unauthorized access and manipulation by malicious actors. The fix addresses this vulnerability by ensuring that the vnet_hdr is copied to a stack-local variable prior to validation, similar to existing safeguards in other components of the kernel.
Affected Version(s)
Linux 1d036d25e5609ba73fee6a88db01c306b140d512 < 74e2db36fe50e3ad9d5300d7fd0e6e2a15a6d121
Linux 1d036d25e5609ba73fee6a88db01c306b140d512 < 3a1bf9116ea31470b89692585c3910dfe830dcdd
Linux 1d036d25e5609ba73fee6a88db01c306b140d512 < 28324a3b62d9ce7f9bdd65a8ce63f382041d1b27