CVE-2026-31673

In the Linux kernel, the following vulnerability has been resolved:

af unix: read UNIX DIAG VFS data under unix state lock

Exact UNIX diag lookups hold a reference to the socket, but not to u->path. Meanwhile, unix release sock() clears u->path under unix state lock() and drops the path reference after unlocking.

Read the inode and device numbers for UNIX DIAG VFS while holding unix state lock(), then emit the netlink attribute after dropping the lock.

This keeps the VFS data stable while the reply is being built.