CVE-2026-31675

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An out-of-bounds memory access exists in the netem enqueue() function within the sch netem scheduler. The issue occurs during packet corruption when get random u32 below(skb headlen(skb)) is used to select an index for modifying skb->data. If an AF PACKET TX RING sends fully non-linear packets over an IPIP tunnel, skb headlen(skb) evaluates to 0. Passing 0 to get random u32 below() triggers a slow path that returns an unconstrained 32-bit random integer, which, when used as an offset into skb->data, leads to the memory access error.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.