CVE-2026-31515

MEDIUM EPSS 2.4%
Published Apr 22, 20262mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 22, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfkey_send_migrate() syzbot was able to trigger a crash in skb_put() [1] Issue is that pfkey_send_migrate() does not check old/new families, and that set_ipsecrequest() @family argument was truncated, thus possibly overfilling the skb. Validate families early, do not wait set_ipsecrequest(). [1] skbuff: skb_over_panic: text:ffffffff8a752120 len:392 put:16 head:ffff88802a4ad040 data:ffff88802a4ad040 tail:0x188 end:0x180 dev:<NULL> kernel BUG at net/core/skbuff.c:214 ! Call Trace: <TASK> skb_over_panic net/core/skbuff.c:219 [inline] skb_put+0x159/0x210 net/core/skbuff.c:2655 skb_put_zero include/linux/skbuff.h:2788 [inline] set_ipsecrequest net/key/af_key.c:3532 [inline] pfkey_send_migrate+0x1270/0x2e50 net/key/af_key.c:3636 km_migrate+0x155/0x260 net/xfrm/xfrm_state.c:2848 xfrm_migrate+0x2140/0x2450 net/xfrm/xfrm_policy.c:4705 xfrm_do_migrate+0x8ff/0xaa0 net/xfrm/xfrm_user.c:3150

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 15

VendorProductVersionRange
linuxlinux_kernel*≥2.6.21.1  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.168
linuxlinux_kernel*≥6.2  –  <6.6.131
linuxlinux_kernel*≥6.7  –  <6.12.80
linuxlinux_kernel*≥6.13  –  <6.18.21
linuxlinux_kernel*≥6.19  –  <6.19.11
linuxlinux_kernel2.6.21any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/7b18692c59afb8e5c364c8e3ac01e51dd6b52028
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/83f644ea92987c100b82d8481ae2230faeed3d34
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ddf8de7e758f6888988467af9ffc8adf589fb16
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d0c5aa8dd38887714f1aad04236a3620b56a5e4e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3225e6b9bd51ec177970a628fe4b11237ce87d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e06b596fc4eb01936a2e5dccad17c946d660bab8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eb2d16a7d599dc9d4df391b5e660df9949963786
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee836e820a40e2ca4da8af7310bff92d586772d4
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/7b18692c59afb8e5c364c8e3ac01e51dd6b52028
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/83f644ea92987c100b82d8481ae2230faeed3d34
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ddf8de7e758f6888988467af9ffc8adf589fb16
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d0c5aa8dd38887714f1aad04236a3620b56a5e4e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3225e6b9bd51ec177970a628fe4b11237ce87d5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e06b596fc4eb01936a2e5dccad17c946d660bab8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/eb2d16a7d599dc9d4df391b5e660df9949963786
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee836e820a40e2ca4da8af7310bff92d586772d4
    Patch