PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31474 Linux CVE debrief

CVE-2026-31474 is a high-severity vulnerability in the Linux kernel, with a CVSS score of 7.8. It is a use-after-free in the CAN isotp subsystem, specifically in the isotp_sendmsg() function. The bug is triggered when a signal interrupts the wait_event_interruptible() call inside the close() system call, so that the kfree() of tx.buf runs while sendmsg() is still accessing the buffer. The resulting use-after-free could potentially allow an attacker to execute arbitrary code. The fix moves the kfree() of tx.buf to sk_destruct time, so the buffer is released only after both isotp_sendmsg() and isotp_release() have finished with it.

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-22
Original CVE updated
2026-06-30
Advisory published
2026-04-22
Advisory updated
2026-06-30

Who should care

Linux kernel developers, administrators, and users who rely on the CAN isotp subsystem should be aware of this vulnerability. Affected Linux kernel versions include 6.4.1 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11, and 7.0 rc1 to rc7. Red Hat Enterprise Linux users should check for errata updates.

Technical summary

The CVE-2026-31474 vulnerability is a use-after-free condition in the Linux kernel's CAN isotp subsystem. The isotp_sendmsg() function uses cmpxchg() on so->tx.state to serialize access to so->tx.buf. However, that state check does not cover the close path: if a signal interrupts the wait_event_interruptible() call inside close(), kfree(so->tx.buf) is executed while sendmsg() may still be reading so->tx.buf. The fix moves the kfree() to sk_destruct time, so the buffer is freed only once the last reference to the socket is dropped and both paths are done with it. The vulnerability has a CVSS score of 7.8 and is classified as CWE-416 (Use After Free) and CWE-364 (Signal Handler Race Condition).
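To make the ordering concrete, here is a constructed user-space C model of the race described above, added for this debrief; it is not kernel code and not taken from PatchSiren's sources. The names isotp_sock_model, run_scenario, release_vulnerable and release_fixed are assumptions; the model shows why freeing tx.buf in the release path leaves a window for an in-flight sendmsg(), and why deferring the free to sk_destruct time, after the last reference is dropped, closes it.

```c
#include <stdlib.h>
/* Constructed user-space model of the bug above. Names mirror the kernel fields
 * (tx.buf, tx.state, sk_destruct) but this is not kernel code. */
struct isotp_sock_model {
    int   tx_state;   /* models so->tx.state: 0 idle, 1 sending */
    char *tx_buf;     /* models so->tx.buf */
    int   refcnt;     /* the open socket plus any sendmsg() in flight */
    int   buf_freed;  /* instrumentation: set once tx_buf has been released */
};

static void free_tx_buf(struct isotp_sock_model *so) {
    free(so->tx_buf);
    so->tx_buf = NULL;
    so->buf_freed = 1;
}

/* Models sock_put(): the sk_destruct work runs only when the last reference drops. */
static void sock_put_model(struct isotp_sock_model *so) {
    if (--so->refcnt == 0) free_tx_buf(so);
}

/* Pre-fix shape: close() frees tx.buf as soon as its interrupted wait returns. */
static int release_vulnerable(struct isotp_sock_model *so) {
    free_tx_buf(so);
    sock_put_model(so);
    return 0;
}

/* Fixed shape: close() only drops the socket reference; the free moves to destruct. */
static int release_fixed(struct isotp_sock_model *so) {
    sock_put_model(so);
    return 0;
}

/* The interleaving from the advisory: sendmsg() holds tx.buf, a signal interrupts
 * close()'s wait, and the release path runs before sendmsg() is done with the buffer.
 * Returns 1 if tx.buf was freed under the sender (the use-after-free window),
 * 0 if it stayed live until sendmsg() finished, -1 if it was never freed (leak). */
static int run_scenario(int (*release)(struct isotp_sock_model *)) {
    struct isotp_sock_model *so = calloc(1, sizeof *so);
    if (!so) return -1;
    so->tx_buf = malloc(64);                 /* the tx.buf allocation */
    so->refcnt = 2;                          /* open socket + sendmsg() in flight */
    so->tx_state = 1;                        /* tx.state says "sending" throughout */
    release(so);                             /* close() interleaves here */
    int freed_under_sender = so->buf_freed;  /* sender is about to touch tx.buf */
    sock_put_model(so);                      /* sendmsg() done, drops its reference */
    int result = freed_under_sender ? 1 : (so->buf_freed ? 0 : -1);
    free(so);
    return result;
}
```

The tx_state field stays at "sending" for the whole scenario, which is the point: the cmpxchg() serialization on tx.state protects sendmsg() from other senders, not from the close path.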

Defensive priority

High priority should be given to patching affected Linux kernel versions. Administrators should ensure that their Linux systems are updated with the latest kernel patches to prevent potential exploitation of this vulnerability.

Recommended defensive actions

  • Apply kernel patches to update affected Linux kernel versions.
  • Review and update Linux system configurations to ensure the CAN isotp subsystem is properly secured.
  • Monitor system logs for potential exploitation attempts.
  • Consider implementing compensating controls, such as network segmentation or access controls, to limit the attack surface.
  • Perform regular vulnerability assessments and penetration testing to identify potential vulnerabilities.

Evidence notes

The CVE-2026-31474 vulnerability was publicly disclosed on April 22, 2026, and has since been modified on June 30, 2026. The vulnerability affects multiple Linux kernel versions, including 6.4.1 to 6.6.131, 6.7 to 6.12.80, 6.13 to 6.18.21, 6.19 to 6.19.11, and 7.0 rc1 to rc7. Red Hat Enterprise Linux users should check for errata updates.

Official resources

This article is AI-assisted and based on the supplied source corpus.