CVE-2026-23331Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime8 documents7 sources
Severity
3.3LOW
No vector
EPSS
0.0%
top 94.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind() an UDP socket to the wildcard address with a non-zero port, connect() it to an address, and disconnect it from the address. bind() sets SOCK_BINDPORT_LOCK on sk->sk_userlocks (but not SOCK_BINDADDR_LOCK), and connect() calls udp_lib_hash4() to put the socket into the 4-tuple hash table. Then, __udp_disconnect() calls sk->sk_pro

Affected Packages3 packages

Linuxlinux/linux_kernel6.13.06.18.17+1
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux78c91ae2c6deb5d236a5a93ff2995cdd05514380b955350778b8715e1b7885179979b3a68221c0fb+3

🔴Vulnerability Details

4
CVEList
udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected.2026-03-25
GHSA
GHSA-jc3m-qg79-3244: In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected2026-03-25
OSV
CVE-2026-23331: In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected2026-03-25
OSV
udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected.2026-03-25

📋Vendor Advisories

2
Red Hat
kernel: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected2026-03-25
Debian
CVE-2026-23331: linux - In the Linux kernel, the following vulnerability has been resolved: udp: Unhash...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23331 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23331 — Linux vulnerability | cvebase