CVE-2026-31664

April 24, 2026, 5:51 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in build_polexpire() build_expire() clears the trailing padding bytes of struct xfrm_user_expire after setting the hard field via memset_after(), but the analogous function build_polexpire() does not do this for struct xfrm_user_polexpire. The padding bytes after the __u8 hard field are left uninitialized from the heap allocation, and are then sent to userspace via netlink multicast to XFRMNLGRP_EXPIRE listeners, leaking kernel heap memory contents. Add the missing memset_after() call, matching build_expire().

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/71a98248c63c535eaa4d4c22f099b68d902006d0
https://git.kernel.org/stable/c/ac6985903db047eaff54db929e4bf6b06782788e
https://git.kernel.org/stable/c/b1dfd6b27df35ef4f87825aa5f607378d23ff0f2
https://git.kernel.org/stable/c/c221ed63a2769a0af8bd849dfe25740048f34ef4
https://git.kernel.org/stable/c/e1af65c669ebb1666c54576614c01a7f9ffcfff6
https://git.kernel.org/stable/c/eda30846ea54f8ed218468e5480c8305ca645e37

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-04-24
CVE-2026-31664

Timeline

Published: April 24, 2026, 3:16 p.m.
Last Modified: April 24, 2026, 5:51 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.