CVE-2026-31502

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A type confusion issue exists in the team module when handling non-Ethernet ports. The team setup by port() function copies port dev->header ops directly. Consequently, when the team device invokes dev hard header() or dev parse header(), these callbacks may execute using the team net device instead of the actual lower device. This causes netdev priv(dev) to be interpreted as the incorrect private type, potentially leading to a system crash. For example, in a topology consisting of gre, bond, and team, the bond header create() function may receive a team device and incorrectly interpret netdev priv() as bonding private data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.