PT-2026-35017 · Linux · Linux Kernel

Published 2026-04-24 · Updated 2026-06-05 · CVE-2026-31665

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A use-after-free issue exists in the netfilter nft_ct component. The function nft_ct_timeout_obj_destroy() frees the timeout object using kfree() immediately after nf_ct_untimeout(), without waiting for an RCU grace period. This allows concurrent packet processing on other CPUs to access the timeout object via rcu_dereference() in nf_ct_timeout_data() after it has been freed. RCU (Read-Copy-Update) is a synchronization mechanism that allows multiple readers to access data while it is being updated.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
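
The ordering problem in the Description can be replayed deterministically in userspace. The following is an added example, not kernel code and not the upstream patch: a single-threaded model in which a reader counter stands in for the RCU grace period, objects come from a static pool so "freed" state can be inspected safely, and all names (`timeout_obj`, `destroy_immediate`, `destroy_deferred`, `reader_hits_freed`) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model, not kernel code. Objects live in a static pool so that
 * "freed" memory can be inspected safely instead of causing real UB. */
struct timeout_obj { bool freed; unsigned int timeout; };

static struct timeout_obj pool[2];
static struct timeout_obj *published;   /* pointer that readers pick up */
static int readers;                     /* open read-side critical sections */
static struct timeout_obj *deferred[2]; /* unpublished, waiting for readers */
static size_t n_deferred;

static void model_free(struct timeout_obj *o) { o->freed = true; o->timeout = 0; }

/* Grace period stand-in: reclaim only once no reader is still inside. */
static void reclaim_if_quiescent(void) {
    if (readers > 0) return;
    while (n_deferred > 0) model_free(deferred[--n_deferred]);
}

static struct timeout_obj *reader_enter(void) { readers++; return published; }
static void reader_exit(void) { readers--; reclaim_if_quiescent(); }

/* Pattern from the description: unpublish, then free at once. */
static void destroy_immediate(struct timeout_obj *o) { published = NULL; model_free(o); }

/* Deferred pattern: unpublish, free after pre-existing readers have left. */
static void destroy_deferred(struct timeout_obj *o) {
    published = NULL;
    deferred[n_deferred++] = o;
    reclaim_if_quiescent();
}

/* Replays the race: reader fetches the pointer, destroy runs, reader uses it.
 * Returns true if the reader touched an object that was already freed. */
static bool reader_hits_freed(struct timeout_obj *o, void (*destroy)(struct timeout_obj *)) {
    o->freed = false; o->timeout = 30;
    published = o;
    struct timeout_obj *seen = reader_enter(); /* "CPU B" packet path */
    destroy(o);                                /* "CPU A" object teardown */
    bool stale = seen->freed;                  /* CPU B still holds the pointer */
    reader_exit();
    return stale;
}

int main(void) {
    printf("immediate free: stale=%d\n", reader_hits_freed(&pool[0], destroy_immediate));
    printf("deferred free:  stale=%d\n", reader_hits_freed(&pool[1], destroy_deferred));
    return 0;
}
```

Clearing the published pointer protects only readers that start afterwards; a reader that fetched the pointer earlier is safe only if reclamation waits for it to leave.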

Use After Free


Weakness Enumeration

Related Identifiers

CVE-2026-31665
ECHO-D3A1-5DB9-C25E
OESA-2026-2581

Affected Products

Linux Kernel