CVE-2026-31429

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.3 through 6.12.81

Description A slab cross-cache free issue exists in the Linux kernel when KFENCE is enabled. The skb kfree head() function uses skb end offset to distinguish between skb heads allocated from skb small head cache and generic kmalloc caches. Because kfence ksize() returns the exact requested allocation size rather than the slab bucket size, an object allocated via kzalloc() that matches the SKB SMALL HEAD CACHE SIZE can be misclassified. This leads to the object being incorrectly freed to the skb small head cache instead of the original kmalloc cache.

Recommendations Update the Linux kernel to version 6.12.82 or later.