CVE-2026-31669 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 27, 2026
Linux Kernel - Use After Free
Published: April 24, 2026 | Updated: April 27, 2026 | Remote Exploitable
Overview
The Linux kernel contains a use-after-free vulnerability in MPTCP caused by improper slab cache initialization in mptcp_subflow_init. It lets attackers trigger a slab-use-after-free in __inet_lookup_established; exploitation requires concurrent ehash lookups under the RCU read lock.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can cause use-after-free memory access, potentially leading to system crashes or arbitrary code execution.
Mitigation
Update to the latest Linux kernel version containing the fix for mptcp_subflow_v6_init initialization.
References
- https://git.kernel.org/stable/c/15fa9ead4d5e6b6b9c794e84144146c917f2cb62
- https://git.kernel.org/stable/c/3fd6547f5b8ac99687be6d937a0321efda760597
- https://git.kernel.org/stable/c/9b55b253907e7431210483519c5ad711a37dafa1
- https://git.kernel.org/stable/c/b313e9037d98c13938740e5ebda7852929366dff
- https://git.kernel.org/stable/c/eb9c6aeb512f877cf397deb1e4526f646c70e4a7
- https://git.kernel.org/stable/c/f6e1f25fa5e733570f6d6fe37a4dfed2a0deba47
- https://git.kernel.org/stable/c/fb1f54b7d16f393b8b65d328410f78b4beea8fcc
Details
- CVE ID: CVE-2026-31669
- Severity: Critical
- CVSS Score: 9.8
- Type: use_after_free
- Status: unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H