CVE-2026-31684

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the tcf csum act() function where nested VLAN headers are processed directly from skb->data when a socket buffer still contains in-payload VLAN tags. The system reads vlan->h vlan encapsulated proto and pulls VLAN HLEN bytes without verifying that the complete VLAN header is present in the linear area. If only a portion of an inner VLAN header is linearized, accessing h vlan encapsulated proto reads beyond the linear area, and the subsequent skb pull(VLAN HLEN) operation may violate socket buffer invariants.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.