PT-2026-32345 · Linux+3 · Linux Kernel+3

Published: 2026-04-13 · Updated: 2026-06-16 · CVE-2026-31419

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A use-after-free issue exists in the bond_xmit_broadcast() function. The function reuses the original socket buffer (skb) for the last slave and clones it for others. However, concurrent slave enslave or release operations can mutate the slave list during RCU-protected iteration, which may change which slave is identified as the last one mid-loop. This leads to the original skb being double-consumed and double-freed, potentially causing a system crash.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
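
The "last slave" decision from the description, reduced to a single-threaded C model. This is an added example, not kernel code and not the upstream fix. The struct, the function names and the deferred hand-off pattern are assumptions made for illustration, and the race is simulated by changing the slave count at a fixed loop step.

```c
#include <stdio.h>

/* Constructed model, not kernel code. A "concurrent" enslave (delta = +1)
 * or release (delta = -1) changes the slave count at loop step mutate_at. */
struct bond { int n; int mutate_at; int delta; };

static void racing_update(struct bond *b, int step)
{
    if (step == b->mutate_at)
        b->n += b->delta;
}

/* Flawed pattern: "is this the last slave?" is asked against the live
 * list at every step. Returns how often the original skb is consumed. */
int xmit_flawed(struct bond b)
{
    int orig_consumed = 0;
    for (int i = 0; i < b.n; i++) {
        if (i == b.n - 1)
            orig_consumed++;      /* original handed off and freed */
        /* else: a clone is sent, the original is untouched */
        racing_update(&b, i);     /* list changes after the decision */
    }
    return orig_consumed;
}

/* Hardened pattern (an assumption, not the upstream patch): every slave
 * gets a clone once a successor is seen; the original is handed off
 * exactly once, after the walk has finished. */
int xmit_deferred(struct bond b)
{
    int orig_consumed = 0, pending = -1;
    for (int i = 0; i < b.n; i++) {
        /* if pending >= 0, that earlier slave is sent a clone here */
        pending = i;
        racing_update(&b, i);
    }
    if (pending >= 0)
        orig_consumed++;          /* single owner of the original */
    return orig_consumed;
}

int main(void)
{
    struct bond quiet = {3, -1, 0}, enslave = {2, 1, +1};
    printf("quiet:   flawed=%d deferred=%d\n", xmit_flawed(quiet), xmit_deferred(quiet));
    printf("enslave: flawed=%d deferred=%d\n", xmit_flawed(enslave), xmit_deferred(enslave));
    return 0;
}
```

A consumed count of 2 in the model corresponds to the double free in the description; the deferred variant keeps the count at 1 because ownership of the original is decided once, outside the loop.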

Use After Free


Weakness Enumeration

Related Identifiers

ALSA-2026:13566
ALSA-2026:25191
ALSA-2026:25217
CVE-2026-31419
ECHO-D67B-10D3-32FC
OESA-2026-2311
RHSA-2026:13566
RHSA-2026:19521
RHSA-2026:21209
USN-8277-1
USN-8277-2
USN-8278-1
USN-8278-2
USN-8279-1
USN-8279-2
USN-8279-3
USN-8289-1
USN-8289-2
USN-8305-1
USN-8305-2
USN-8310-1
USN-8350-1
USN-8351-1
USN-8374-1
USN-8393-1
USN-8426-1
USN-8426-2
USN-8440-1

Affected Products

Linuxmint
Linux Kernel
Rocky Linux
Ubuntu