Description

In the Linux kernel, the following vulnerability has been resolved: wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit wg_netns_pre_exit() manually acquires rtnl_lock() inside the pernet .pre_exit callback. This causes a hung task when another thread holds rtnl_mutex - the cleanup_net workqueue (or the setup_net failure rollback path) blocks indefinitely in wg_netns_pre_exit() waiting to acquire the lock. Convert to .exit_rtnl, introduced in commit 7a60d91c690b ("net: Add ->exit_rtnl() hook to struct pernet_operations."), where the framework already holds RTNL and batches all callbacks under a single rtnl_lock()/rtnl_unlock() pair, eliminating the contention window. The rcu_assign_pointer(wg->creating_net, NULL) is safe to move from .pre_exit to .exit_rtnl (which runs after synchronize_rcu()) because all RCU readers of creating_net either use maybe_get_net() - which returns NULL for a dying namespace with zero refcount - or access net->user_ns which remains valid throughout the entire ops_undo_list sequence. [ Jason: added __net_exit and __read_mostly annotations that were missing. ]

INFO

Published Date :

2026-04-24T14:42:10.208Z

Last Modified :

2026-04-27T11:00:57.806Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31579 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31579.

URL Resource
https://git.kernel.org/stable/c/1c52ef00e391144334f10995985c2f256d4be982 cve-icon cve-icon
https://git.kernel.org/stable/c/9a9e69155b2091b8297afaf1533b8d68a3096841 cve-icon cve-icon
https://git.kernel.org/stable/c/a1d0f6cbb962af29586e3e65a4bced1a5e39221f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System