Race condition in Linux kernel - CVE-2026-31508
Published: April 24, 2026
Vulnerability identifier: #VU127642
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31508
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in the openvswitch port teardown code when unregistering a netdevice. A local user can trigger netdevice unregistration to cause a denial of service.
The issue can occur on PREEMPT_RT kernels if the device is freed before unregistration completes.
How to mitigate CVE-2026-31508
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/33609454be4f582e686a4bf13d4482a5ca0f6c4b
- https://git.kernel.org/stable/c/43579baa17270aa51f93eb09b6e4af6e047b7f6e
- https://git.kernel.org/stable/c/4c3e25a7b711a402fcbbbcfbbdf2868ece1ae7c8
- https://git.kernel.org/stable/c/5fdeaf591a0942772c2d18ff3563697a49ad01c6
- https://git.kernel.org/stable/c/755a6300afbd743cda4b102f24f343380ec0e0ff
- https://git.kernel.org/stable/c/7c770dadfda5cbbde6aa3c4363ed513f1d212bf8
- https://git.kernel.org/stable/c/95265232b49765a4d00f4d028c100bb7185600f4
- https://git.kernel.org/stable/c/df3c95be76103604e752131d9495a24814915ece