CVE-2026-31684

April 25, 2026, 9:16 a.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: net: sched: act_csum: validate nested VLAN headers tcf_csum_act() walks nested VLAN headers directly from skb->data when an skb still carries in-payload VLAN tags. The current code reads vlan->h_vlan_encapsulated_proto and then pulls VLAN_HLEN bytes without first ensuring that the full VLAN header is present in the linear area. If only part of an inner VLAN header is linearized, accessing h_vlan_encapsulated_proto reads past the linear area, and the following skb_pull(VLAN_HLEN) may violate skb invariants. Fix this by requiring pskb_may_pull(skb, VLAN_HLEN) before accessing and pulling each nested VLAN header. If the header still is not fully available, drop the packet through the existing error path.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/3d165d975305cf76ff0b10a3c798fb31e5f5f9a5
https://git.kernel.org/stable/c/a69738efea0996d05a3c7d2178551b891744df1b
https://git.kernel.org/stable/c/c842743d073bdd683606cb414eb0ca84465dd834
https://git.kernel.org/stable/c/ec4930979b3f7bbeb7af5744599fc6603a4dba62

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-04-25
CVE-2026-31684

Timeline

Published: April 25, 2026, 9:16 a.m.
Last Modified: April 25, 2026, 9:16 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.