PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31518 Linux CVE debrief

A Linux kernel vulnerability, CVE-2026-31518, has been resolved. The vulnerability is related to the espintcp and async crypto components, which could lead to a skb leak. This issue arises when the TX queue for espintcp is full, and esp_output_tail_tcp returns an error without freeing the skb. With async crypto, the common xfrm output code will not drop the packet, necessitating manual handling. The vulnerability has a CVSS score of 5.5, indicating a medium severity level. Linux kernel versions 5.6 to 7.0 rc7 are affected.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-22
Original CVE updated
2026-07-14
Advisory published
2026-04-22
Advisory updated
2026-07-14

Who should care

System administrators and security teams managing Linux kernel-based systems, especially those using versions 5.6 to 7.0 rc7, should be aware of this vulnerability. Applying the necessary patches is crucial to prevent potential skb leaks and ensure the security of the system. These teams should review system configurations, update Linux kernel versions, and monitor system logs for potential issues.

Technical summary

The CVE-2026-31518 vulnerability affects the Linux kernel, specifically in the espintcp and async crypto components. When the TX queue for espintcp is full, and esp_output_tail_tcp returns an error, the skb is not freed. This issue is critical for systems using Linux kernel versions 5.6 to 7.0 rc7. The CVSS score for this vulnerability is 5.5, indicating a medium severity level. Affected systems may experience skb leaks, which could lead to performance issues or crashes.

Defensive priority

Apply patches to fix the skb leak issue in the Linux kernel. Review and update Linux kernel versions to ensure they are not vulnerable. Monitor system logs for potential issues related to espintcp and async crypto.

Recommended defensive actions

  • Apply patches provided by the Linux kernel maintainers to fix the skb leak issue.
  • Review and update Linux kernel versions to ensure they are not vulnerable.
  • Monitor system logs for potential issues related to espintcp and async crypto.
  • Perform a thorough review of system configurations and Linux kernel versions to identify potential exposure.
  • Implement compensating controls for exposed systems while remediation is scheduled and verified.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The CVE record was published on 2026-04-22T14:16:51.410Z and last modified on 2026-07-14T13:18:44.683Z. The NVD entry is currently Modified. This vulnerability affects Linux kernel versions 5.6 to 7.0 rc7. The espintcp and async crypto components are impacted, leading to potential skb leaks. Defenders should verify system logs for related issues and review the Linux kernel versions in use.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-22T14:16:51.410Z and has not been modified since then. The NVD entry is currently Modified.