CVE-2026-31518

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak occurs in the Linux kernel involving socket buffers (skb) when using espintcp with asynchronous crypto. When the TX queue for espintcp is full, the esp output tail tcp() function returns an error without freeing the skb. While synchronous crypto relies on the common xfrm output code to drop the packet, asynchronous crypto (handled by esp output done()) requires the skb to be dropped explicitly when esp output tail tcp() fails.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.