Time-of-check Time-of-use (TOCTOU) Race Condition in Linux kernel - CVE-2026-31700

 


Published: May 2, 2026


Vulnerability identifier: #VU129001
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31700
CWE-ID: CWE-367
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to bypass safety checks.

The vulnerability exists due to a time-of-check time-of-use race condition in tpacket_snd() when processing a mmap'd vnet_hdr in the TPACKET TX path with PACKET_VNET_HDR enabled. A local user can modify vnet_hdr fields in the shared ring buffer between validation and use to bypass safety checks.

Only the TPACKET TX path is affected.
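The check-then-use pattern described above, and the usual fix of validating a private copy, as an added user-space illustration (not kernel code and not the vendor's patch). The struct layout, the length check and all function names are hypothetical, and the concurrent writer is simulated with a callback so the outcome is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header in memory shared with an untrusted writer. */
struct shared_hdr { uint16_t hdr_len; uint16_t gso_size; };

/* Simulates the other party writing to the ring between check and use. */
typedef void (*race_hook)(volatile struct shared_hdr *);

/* Constructed safety check: the claimed header must fit in the frame. */
static int hdr_ok(uint16_t hdr_len, size_t frame_len) { return hdr_len <= frame_len; }

/* Double fetch: checks shared memory, then reads it again at use time.
 * Returns the hdr_len actually used, or -1 if the check rejected it. */
int use_double_fetch(volatile struct shared_hdr *shm, size_t frame_len, race_hook hook)
{
    if (!hdr_ok(shm->hdr_len, frame_len))   /* time of check */
        return -1;
    if (hook) hook(shm);                    /* writer runs in the window */
    return shm->hdr_len;                    /* time of use: second fetch */
}

/* Hardened: fetch once into private memory, check and use only the copy. */
int use_snapshot(volatile struct shared_hdr *shm, size_t frame_len, race_hook hook)
{
    struct shared_hdr local = { shm->hdr_len, shm->gso_size };  /* single fetch */
    if (!hdr_ok(local.hdr_len, frame_len))
        return -1;
    if (hook) hook(shm);                    /* later writes cannot reach the copy */
    return local.hdr_len;
}

/* Constructed writer: raises hdr_len after validation has passed. */
void raise_hdr_len(volatile struct shared_hdr *shm) { shm->hdr_len = 0xFFFF; }

/* Returns 1 if the value that was used still satisfies the check. */
int used_value_is_valid(int hardened)
{
    struct shared_hdr shm = { 10, 0 };      /* constructed sample header */
    int used = hardened ? use_snapshot(&shm, 64, raise_hdr_len)
                        : use_double_fetch(&shm, 64, raise_hdr_len);
    return used >= 0 && hdr_ok((uint16_t)used, 64);
}

int main(void)
{
    printf("double fetch: %d, snapshot: %d\n", used_value_is_valid(0), used_value_is_valid(1));
    return 0;
}
```

When reviewing code that reads from a mmap'd ring, the thing to look for is any field that is dereferenced from the shared mapping more than once along a single validation-and-use path.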


Remediation

Install the security update from the vendor's repository.
