Linux EUVD-2026-25561

| CVE-2026-31668 CRITICAL
2026-04-24 Linux GHSA-r2p4-96h8-cc74
Authentication Bypass Linux
9.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
CVSS changed
Apr 27, 2026 - 15:22 NVD
9.8 (CRITICAL)
Patch available
Apr 24, 2026 - 16:16 EUVD

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

seg6: separate dst_cache for input and output paths in seg6 lwtunnel

The seg6 lwtunnel uses a single dst_cache per encap route, shared between seg6_input_core() and seg6_output_core(). These two paths can perform the post-encap SID lookup in different routing contexts (e.g., ip rules matching on the ingress interface, or VRF table separation). Whichever path runs first populates the cache, and the other reuses it blindly, bypassing its own lookup.

Fix this by splitting the cache into cache_input and cache_output, so each path maintains its own cached dst independently.

Analysis

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dst_cache per encap route, shared between seg6_input_core() and seg6_output_core(). These two paths can perform the post-encap SID lookup in different routing contexts (e.g., ip rules matching on the ingress interface, or VRF table separation). …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-31669 CRITICAL
9.8 Apr 24

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_est
CVE-2026-31649 CRITICAL
9.8 Apr 24

Integer underflow in Linux kernel stmmac network driver allows kernel memory disclosure and potential corruption via cra
CVE-2026-31657 CRITICAL
9.8 Apr 24

Use-after-free in Linux kernel batman-adv (B.A.T.M.A.N. Advanced mesh networking) allows remote network attackers to tri
CVE-2026-31659 CRITICAL
9.8 Apr 24

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buf
CVE-2026-31589 CRITICAL
9.8 Apr 24

Use-after-free in Linux kernel memory management allows remote code execution when the folio_unmap_invalidate() function

Share

EUVD-2026-25561 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy