CVE-2026-31671 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report() struct xfrm_user_report is a __u8 proto field followed by a struct xfrm_selector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace. Fix that up by zeroing the structure before setting individual member variables.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0616314b3b34f24cbb91da8c6bd8bcdc4c8592f9
https://git.kernel.org/stable/c/0a30dceb0e1f0c480d2482e6d7cebf8aebb6eb72
https://git.kernel.org/stable/c/6c55714c931051cd7f4839c19ce0867179fd22fe
https://git.kernel.org/stable/c/716c546e88cfe49d841658240e10cb57bc50a2cc
https://git.kernel.org/stable/c/d10119968d0e1f2b669604baf2a8b5fdb72fa6b4
https://git.kernel.org/stable/c/d27c02eec529f78055a46a5c9e6c62684382b2d8
https://git.kernel.org/stable/c/e0c8542c3d097ed4205ded51868195d5d6ddac62
https://git.kernel.org/stable/c/ff5ee507302303b15859753c3e0d67d38fd12c88
https://lore.kernel.org/linux-cve-announce/2026042407-CVE-2026-31671-c4b9@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31671
https://www.cve.org/CVERecord?id=CVE-2026-31671

History

Sat, 25 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-908
References		https://lore.kernel.org/linux-cve-announce/2026042407-CVE-2026-31671-c4b9@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31671 https://www.cve.org/CVERecord?id=CVE-2026-31671
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Fri, 24 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report() struct xfrm_user_report is a __u8 proto field followed by a struct xfrm_selector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace. Fix that up by zeroing the structure before setting individual member variables.
Title		xfrm_user: fix info leak in build_report()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0616314b3b34f24cbb91da8c6bd8bcdc4c8592f9 https://git.kernel.org/stable/c/0a30dceb0e1f0c480d2482e6d7cebf8aebb6eb72 https://git.kernel.org/stable/c/6c55714c931051cd7f4839c19ce0867179fd22fe https://git.kernel.org/stable/c/716c546e88cfe49d841658240e10cb57bc50a2cc https://git.kernel.org/stable/c/d10119968d0e1f2b669604baf2a8b5fdb72fa6b4 https://git.kernel.org/stable/c/d27c02eec529f78055a46a5c9e6c62684382b2d8 https://git.kernel.org/stable/c/e0c8542c3d097ed4205ded51868195d5d6ddac62 https://git.kernel.org/stable/c/ff5ee507302303b15859753c3e0d67d38fd12c88

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-24T14:45:18.669Z

Updated: 2026-04-25T05:48:30.115Z

Reserved: 2026-03-09T15:48:24.130Z

Link: CVE-2026-31671

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-24T15:16:46.903

Modified: 2026-04-24T17:51:40.810

Link: CVE-2026-31671

Redhat

Severity : Low

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31671 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object