CVE-2026-23331

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s UDP handling. Specifically, when a UDP socket is bound to a wildcard address with a non-zero port, connected to an address, and then disconnected, the socket may not be correctly removed from the 4-tuple hash table. This can leave garbage data in the hash table chain. The issue occurs because the udp disconnect() function calls a rehash function that moves the socket to a new slot without properly removing it from the original location. The udp unhash4() function needs to be updated after udp hash4 dec(hslot2) to correctly remove the socket.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.