CVE-2026-31504

The CVE-2026-31504 entry describes a race in the Linux kernel’s networking stack: during a NETDEV_UP event, a socket re-registration into a fanout group’s arr[] can leave a dangling pointer if packet_release() doesn’t clear po->num while bind_lock is held. This Use-After-Free risk stems from a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a NETDEVUP condition that allows for the reuse of freed fanout resources after release. This can...

SUSE CVE-2025-38617

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...

CVE-2025-38617

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindlock, another thread can run packetnotifier and process an NETDEVUP event. This race and the fix are both similar to that of commit...

CVE-2025-38617

CVE-2025-38617 concerns a Linux kernel race in the packet networking path (net/packet) between packet_set_ring() and packet_notifier(). When po->bind_lock is temporarily released during ring setup, a concurrent NETDEV_UP event could be processed by packet_notifier(), risking inconsistent socke...