CVE-2026-31515
- Source
- https://cve.org/CVERecord?id=CVE-2026-31515
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31515.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-31515
- Downstream
- Published
- 2026-04-22T13:54:32.194Z
- Modified
- 2026-05-18T05:59:50.046209628Z
- Summary
- af_key: validate families in pfkey_send_migrate()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
afkey: validate families in pfkeysend_migrate()
syzbot was able to trigger a crash in skb_put() [1]
Issue is that pfkeysendmigrate() does not check old/new families, and that set_ipsecrequest() @family argument was truncated, thus possibly overfilling the skb.
Validate families early, do not wait set_ipsecrequest().
[1]
skbuff: skboverpanic: text:ffffffff8a752120 len:392 put:16 head:ffff88802a4ad040 data:ffff88802a4ad040 tail:0x188 end:0x180 dev:<NULL> kernel BUG at net/core/skbuff.c:214 ! Call Trace: <TASK> skboverpanic net/core/skbuff.c:219 [inline] skbput+0x159/0x210 net/core/skbuff.c:2655 skbputzero include/linux/skbuff.h:2788 [inline] setipsecrequest net/key/afkey.c:3532 [inline] pfkeysendmigrate+0x1270/0x2e50 net/key/afkey.c:3636 kmmigrate+0x155/0x260 net/xfrm/xfrmstate.c:2848 xfrmmigrate+0x2140/0x2450 net/xfrm/xfrmpolicy.c:4705 xfrmdomigrate+0x8ff/0xaa0 net/xfrm/xfrm_user.c:3150
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31515.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/7b18692c59afb8e5c364c8e3ac01e51dd6b52028
- https://git.kernel.org/stable/c/83f644ea92987c100b82d8481ae2230faeed3d34
- https://git.kernel.org/stable/c/8ddf8de7e758f6888988467af9ffc8adf589fb16
- https://git.kernel.org/stable/c/d0c5aa8dd38887714f1aad04236a3620b56a5e4e
- https://git.kernel.org/stable/c/d3225e6b9bd51ec177970a628fe4b11237ce87d5
- https://git.kernel.org/stable/c/e06b596fc4eb01936a2e5dccad17c946d660bab8
- https://git.kernel.org/stable/c/eb2d16a7d599dc9d4df391b5e660df9949963786
- https://git.kernel.org/stable/c/ee836e820a40e2ca4da8af7310bff92d586772d4
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31515.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-31515
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced08de61beab8a21c8e0b3906a97defda5f1f66eceFixedd0c5aa8dd38887714f1aad04236a3620b56a5e4eFixede06b596fc4eb01936a2e5dccad17c946d660bab8Fixed8ddf8de7e758f6888988467af9ffc8adf589fb16Fixedd3225e6b9bd51ec177970a628fe4b11237ce87d5Fixed7b18692c59afb8e5c364c8e3ac01e51dd6b52028Fixed83f644ea92987c100b82d8481ae2230faeed3d34Fixedee836e820a40e2ca4da8af7310bff92d586772d4Fixedeb2d16a7d599dc9d4df391b5e660df9949963786
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.21Fixed5.10.253
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.203
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.168
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.131
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.80
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.18.21
- Type
- ECOSYSTEM
- Events
-
Introduced6.19.0Fixed6.19.11