CVE-2026-31663

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A Use-After-Free issue exists in the xfrm component of the Linux kernel. After asynchronous crypto completes, the xfrm input resume() function calls dev put() immediately upon re-entry before the socket buffer (skb) reaches transport finish. Because the skb->dev pointer is subsequently used inside NF HOOK and its okfn, a race condition can occur with device teardown.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.