CVE-2026-31471

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the xfrm iptfs component where the iptfs clone state() function stores x->mode data before the reorder window is allocated. If this allocation fails, the system frees the cloned state and returns an error, but x->mode data continues to point to the freed memory. Subsequently, the xfrm clone unwind process calls destroy state() using the invalid x->mode data pointer, leading to a double-free scenario where the IPTFS state is torn down again.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.