CVE-2026-31668 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 27, 2026
Linux Kernel - Cache Poisoning
Published: April 24, 2026Updated: April 27, 2026Remote Exploitable
Overview
Linux kernel contains a cache poisoning vulnerability in seg6 lwtunnel caused by shared dst_cache between input and output paths, letting attackers cause incorrect routing decisions, exploit requires specific routing contexts.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause incorrect routing decisions, potentially leading to traffic misrouting or denial of service.
Mitigation
Update to the latest Linux kernel version with the seg6 lwtunnel cache split fix.
References
- https://git.kernel.org/stable/c/750569d6987a0ff46317a4b86eb3907e296287bf
- https://git.kernel.org/stable/c/84d458018b147176b259347103fccb7e93abd2b1
- https://git.kernel.org/stable/c/c3812651b522fe8437ebb7063b75ddb95b571643
- https://git.kernel.org/stable/c/fb56de5d99218de49d5d43ef3a99e062ecd0f9a1
- https://git.kernel.org/stable/c/17d87d42874f5d6c1a0ccc6d9190dfe82a9a7a6a
- https://git.kernel.org/stable/c/1dec91d3b1cefb82635761b7812154af3ef46449
- https://git.kernel.org/stable/c/57d0374d14fa667dec6952173b93e7e84486d5c9
- https://git.kernel.org/stable/c/6305ad032b03d2ea4181b953a66e19a9a6ed053c
Related Resources
Details
- CVE ID
- CVE-2026-31668
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- undefined
- Status
- unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H