Description

In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind() an UDP socket to the wildcard address with a non-zero port, connect() it to an address, and disconnect it from the address. bind() sets SOCK_BINDPORT_LOCK on sk->sk_userlocks (but not SOCK_BINDADDR_LOCK), and connect() calls udp_lib_hash4() to put the socket into the 4-tuple hash table. Then, __udp_disconnect() calls sk->sk_prot->rehash(sk). It computes a new hash based on the wildcard address and moves the socket to a new slot in the 4-tuple hash table, leaving a garbage in the chain that no packet hits. Let's remove such a socket from 4-tuple hash table when disconnected. Note that udp_sk(sk)->udp_portaddr_hash needs to be udpated after udp_hash4_dec(hslot2) in udp_unhash4().

INFO

Published Date :

2026-03-25T10:27:22.526Z

Last Modified :

2026-04-13T06:05:10.919Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23331 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23331.

URL Resource
https://git.kernel.org/stable/c/3b8f104880c104151f8c30f2f89df81fb59a286c cve-icon cve-icon
https://git.kernel.org/stable/c/6996a2d2d0a64808c19c98002aeb5d9d1b2df6a4 cve-icon cve-icon
https://git.kernel.org/stable/c/b955350778b8715e1b7885179979b3a68221c0fb cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23331-735b@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23331 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23331 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact