PT-2026-35016 · Linux · Linux
Published: 2026-04-24 · Updated: 2026-04-24 · CVE-2026-31664
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:

xfrm: clear trailing padding in build_polexpire()

build_expire() clears the trailing padding bytes of struct xfrm_user_expire after setting the hard field via memset_after(), but the analogous function build_polexpire() does not do this for struct xfrm_user_polexpire.

The padding bytes after the u8 hard field are left uninitialized from the heap allocation, and are then sent to userspace via netlink multicast to XFRMNLGRP_EXPIRE listeners, leaking kernel heap memory contents.

Add the missing memset_after() call, matching build_expire().
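
A userspace model of the leak described above, added here as an illustration and not taken from the kernel source. The struct model_polexpire layout, the STALE marker and the helper names are hypothetical; clear_tail stands in for the added memset_after() call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for struct xfrm_user_polexpire: a larger member
 * followed by a trailing u8, so the compiler pads the end of the struct. */
struct model_polexpire {
    uint64_t pol;   /* stands in for the policy info member */
    uint8_t  hard;
};

#define STALE 0xAA  /* constructed marker for leftover heap contents */
#define TAIL  (offsetof(struct model_polexpire, hard) + sizeof(uint8_t))

/* Number of padding bytes after `hard`. */
size_t padding_len(void) { return sizeof(struct model_polexpire) - TAIL; }

/* Fill a message buffer that still holds stale data, as a non-zeroing
 * allocation would. clear_tail models the added memset_after() call. */
static void build_msg(unsigned char *wire, uint8_t hard, int clear_tail)
{
    uint64_t pol = 0x1122334455667788ULL;   /* constructed payload */

    memset(wire, STALE, sizeof(struct model_polexpire));
    memcpy(wire + offsetof(struct model_polexpire, pol), &pol, sizeof(pol));
    wire[offsetof(struct model_polexpire, hard)] = hard;
    if (clear_tail)
        memset(wire + TAIL, 0, padding_len());
}

/* Count stale bytes that would reach the netlink listener. */
size_t leaked_bytes(int clear_tail)
{
    unsigned char wire[sizeof(struct model_polexpire)];
    size_t n = 0;

    build_msg(wire, 1, clear_tail);
    for (size_t i = 0; i < sizeof(wire); i++)
        n += (wire[i] == STALE);
    return n;
}

int main(void)
{
    printf("padding after hard: %zu bytes\n", padding_len());
    printf("stale bytes sent, no clearing:  %zu\n", leaked_bytes(0));
    printf("stale bytes sent, tail cleared: %zu\n", leaked_bytes(1));
    return 0;
}
```

Every named field is written in both cases; only the bytes the compiler inserted after the last member carry stale data, which is why the omission is easy to miss in review.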
Related Identifiers
Affected Products
Linux