CVE-2026-31664

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory leak occurs in the Linux kernel due to uninitialized padding bytes in the build polexpire() function. While the build expire() function correctly clears trailing padding bytes of the xfrm user expire structure, the build polexpire() function fails to do so for the xfrm user polexpire structure. Consequently, uninitialized heap memory contents are leaked to userspace via netlink multicast to XFRMNLGRP EXPIRE listeners.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.