CVE-2026-31406 — Expired Pointer Dereference in Linux
Severity: 5.5 (Medium), no CVSS vector
EPSS: 0.0% (top 98.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 6
Description
In the Linux kernel, the following vulnerability has been resolved:
xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini()
After cancel_delayed_work_sync() is called from
xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes remaining
states via __xfrm_state_delete(), which calls
xfrm_nat_keepalive_state_updated() to re-schedule nat_keepalive_work.
The following is a simple race scenario:
cpu0 cpu1
cleanup_net() [Round 1]
ops_undo_list()
xfrm_net_exit()
xfrm_nat_keepali…
Affected Packages (2 packages)
CVEListV5: linux/linux f531d13bdfe3f4f084aaa8acae2cb0f02295f5ae — 32d0f44c2f14d60fe8e920e69a28c11051543ec1 (+4)
Vulnerability Details (2)
GHSA: GHSA-pfp5-r4vh-w3r6: In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() After c… (2026-04-06)
OSV: CVE-2026-31406: In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() After can… (2026-04-06)
Vendor Advisories (2)
Threat Intelligence (1345)
Community (1)
Bugzilla: CVE-2026-31406 kernel: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (2026-04-06)