SB20260325123 - Resource exhaustion in Linux kernel ipv4
Published: March 25, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2026-23331)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource management in the UDP protocol implementation when a connected UDP socket that was bound to a non-zero port is disconnected. A local user can create a UDP socket, bind it to a wildcard address with a specific port, connect it to a remote address, and then disconnect it. The disconnect is handled improperly during rehashing and leaves stale entries in the 4-tuple hash table, leading to resource leakage.
Successful exploitation may result in gradual depletion of kernel resources, potentially leading to system instability or denial of service.
Remediation
Install the update from the vendor's website.