In the Linux kernel, the following vulnerability has been resolved:

xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini()

After cancel_delayed_work_sync() is called from xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes remaining states via __xfrm_state_delete(), which calls xfrm_nat_keepalive_state_updated() to re-schedule nat_keepalive_work.

The following is a simple race scenario:

    cpu0                                             cpu1

    cleanup_net() [Round 1]
      ops_undo_list()
        xfrm_net_exit()
          xfrm_nat_keepalive_net_fini()
            cancel_delayed_work_sync(nat_keepalive_work);
          xfrm_state_fini()
            xfrm_state_flush()
              xfrm_state_delete(x)
                __xfrm_state_delete(x)
                  xfrm_nat_keepalive_state_updated(x)
                    schedule_delayed_work(nat_keepalive_work);
      rcu_barrier();
      net_complete_free();
      net_passive_dec(net);
        llist_add(&net->defer_free_list, &defer_free_list);

    cleanup_net() [Round 2]
      rcu_barrier();
      net_complete_free()
        kmem_cache_free(net_cachep, net);
                                                     nat_keepalive_work()
                                                       // on freed net

To prevent this, cancel_delayed_work_sync() is replaced with disable_delayed_work_sync().
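
The difference between the two calls in the teardown order above, as an added userspace model in C. It is not kernel code and not taken from the patch; the model_* names and the simplified pending/disabled state are assumptions made for illustration.

```c
/* Constructed userspace model of the delayed-work state; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

struct model_dwork {
    bool pending;   /* queued, will run later */
    int  disabled;  /* disable depth; > 0 rejects queueing */
};

/* Models schedule_delayed_work(): refuses while the work is disabled. */
static bool model_schedule(struct model_dwork *w)
{
    if (w->disabled > 0 || w->pending)
        return false;
    w->pending = true;
    return true;
}

/* Models cancel_delayed_work_sync(): dequeues; later queueing still works. */
static void model_cancel_sync(struct model_dwork *w) { w->pending = false; }

/* Models disable_delayed_work_sync(): dequeues and blocks later queueing. */
static void model_disable_sync(struct model_dwork *w)
{
    w->disabled++;
    w->pending = false;
}

/* Replays the page's teardown order for a netns holding nstates states.
 * Returns true if the work is still queued when the net is freed. */
static bool model_netns_teardown(bool use_disable, int nstates)
{
    struct model_dwork nat_keepalive_work = { .pending = true };
    if (use_disable)                 /* xfrm_nat_keepalive_net_fini() */
        model_disable_sync(&nat_keepalive_work);
    else
        model_cancel_sync(&nat_keepalive_work);
    /* xfrm_state_fini(): every deleted state tries to re-schedule */
    for (int i = 0; i < nstates; i++)
        model_schedule(&nat_keepalive_work);

    return nat_keepalive_work.pending; /* net is freed at this point */
}

int main(void)
{
    printf("queued at free: cancel=%d disable=%d\n",
           model_netns_teardown(false, 2), model_netns_teardown(true, 2));
    return 0;
}
```

With no states left to flush, the cancel variant also ends with nothing queued, so the model only shows the work surviving teardown when at least one state is deleted after the cancel.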