Vulnerability-Lookup

WID-SEC-W-2026-1265

Vulnerability from csaf_certbund - Published: 2026-04-23 22:00 - Updated: 2026-05-20 22:00

Summary

Linux Kernel: Schwachstelle ermöglicht nicht spezifizierten Angriff

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff: Ein lokaler Angreifer kann eine Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen, einschließlich der Ausführung von beliebigem Code, der Manipulation von Speicherinhalten oder der Verursachung eines Denial-of-Service-Zustands.

Betroffene Betriebssysteme: - Linux

CVE-2026-31533

Affected products

Known affected 9 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Open Source Linux Kernel <5.15.203 Open Source / Linux Kernel		<5.15.203
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Open Source Linux Kernel <6.19.13 Open Source / Linux Kernel		<6.19.13
Open Source Linux Kernel <7.0 Open Source / Linux Kernel		<7.0
Open Source Linux Kernel <6.12.82 Open Source / Linux Kernel		<6.12.82
Open Source Linux Kernel <6.18.23 Open Source / Linux Kernel		<6.18.23
Open Source Linux Kernel <6.1.169 Open Source / Linux Kernel		<6.1.169
Open Source Linux Kernel <6.6.135 Open Source / Linux Kernel		<6.6.135

References

11 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lore.kernel.org/linux-cve-announce/	external
https://lore.kernel.org/linux-cve-announce/202604…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.debian.org/debian-security-announce…	external
https://ubuntu.com/security/notices/USN-8278-1	external
https://ubuntu.com/security/notices/USN-8277-1	external
https://ubuntu.com/security/notices/USN-8279-1	external
https://ubuntu.com/security/notices/USN-8289-1	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren, einschlie\u00dflich der Ausf\u00fchrung von beliebigem Code, der Manipulation von Speicherinhalten oder der Verursachung eines Denial-of-Service-Zustands.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1265 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1265.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1265 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1265"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-31533",
        "url": "https://lore.kernel.org/linux-cve-announce/2026042309-CVE-2026-31533-9308@gregkh/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4561 vom 2026-05-02",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00005.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6238 vom 2026-05-04",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00148.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6243 vom 2026-05-04",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00154.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8278-1 vom 2026-05-20",
        "url": "https://ubuntu.com/security/notices/USN-8278-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8277-1 vom 2026-05-20",
        "url": "https://ubuntu.com/security/notices/USN-8277-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8279-1 vom 2026-05-20",
        "url": "https://ubuntu.com/security/notices/USN-8279-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8289-1 vom 2026-05-21",
        "url": "https://ubuntu.com/security/notices/USN-8289-1"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Schwachstelle erm\u00f6glicht nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2026-05-20T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-21T07:57:35.705+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1265",
      "initial_release_date": "2026-04-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.15.203",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.15.203",
                  "product_id": "T053309"
                }
              },
              {
                "category": "product_version",
                "name": "5.15.203",
                "product": {
                  "name": "Open Source Linux Kernel 5.15.203",
                  "product_id": "T053309-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.15.203"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.1.169",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.1.169",
                  "product_id": "T053310"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.169",
                "product": {
                  "name": "Open Source Linux Kernel 6.1.169",
                  "product_id": "T053310-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.1.169"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.6.135",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.6.135",
                  "product_id": "T053311"
                }
              },
              {
                "category": "product_version",
                "name": "6.6.135",
                "product": {
                  "name": "Open Source Linux Kernel 6.6.135",
                  "product_id": "T053311-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.6.135"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.12.82",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.12.82",
                  "product_id": "T053312"
                }
              },
              {
                "category": "product_version",
                "name": "6.12.82",
                "product": {
                  "name": "Open Source Linux Kernel 6.12.82",
                  "product_id": "T053312-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.12.82"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.18.23",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.18.23",
                  "product_id": "T053313"
                }
              },
              {
                "category": "product_version",
                "name": "6.18.23",
                "product": {
                  "name": "Open Source Linux Kernel 6.18.23",
                  "product_id": "T053313-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.18.23"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.19.13",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.19.13",
                  "product_id": "T053314"
                }
              },
              {
                "category": "product_version",
                "name": "6.19.13",
                "product": {
                  "name": "Open Source Linux Kernel 6.19.13",
                  "product_id": "T053314-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.19.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c7.0",
                "product": {
                  "name": "Open Source Linux Kernel \u003c7.0",
                  "product_id": "T053315"
                }
              },
              {
                "category": "product_version",
                "name": "7",
                "product": {
                  "name": "Open Source Linux Kernel 7.0",
                  "product_id": "T053315-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:7.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-31533",
      "product_status": {
        "known_affected": [
          "2951",
          "T053309",
          "T000126",
          "T053314",
          "T053315",
          "T053312",
          "T053313",
          "T053310",
          "T053311"
        ]
      },
      "release_date": "2026-04-23T22:00:00.000+00:00",
      "title": "CVE-2026-31533"
    }
  ]
}

CVE-2026-31533 (GCVE-0-2026-31533)

Vulnerability from cvelistv5 – Published: 2026-04-23 15:11 – Updated: 2026-05-23 16:05

Title

net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

Summary

In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced by commit 859054147318 ("net: tls: handle backlogging of crypto requests"), has a use-after-free due to double cleanup of encrypt_pending and the scatterlist entry. When crypto_aead_encrypt() returns -EBUSY, the request is enqueued to the cryptd backlog and the async callback tls_encrypt_done() will be invoked upon completion. That callback unconditionally restores the scatterlist entry (sge->offset, sge->length) and decrements ctx->encrypt_pending. However, if tls_encrypt_async_wait() returns an error, the synchronous error path in tls_do_encryption() performs the same cleanup again, double-decrementing encrypt_pending and double-restoring the scatterlist. The double-decrement corrupts the encrypt_pending sentinel (initialized to 1), making tls_encrypt_async_wait() permanently skip the wait for pending async callbacks. A subsequent sendmsg can then free the tls_rec via bpf_exec_tx_verdict() while a cryptd callback is still pending, resulting in a use-after-free when the callback fires on the freed record. Fix this by skipping the synchronous cleanup when the -EBUSY async wait returns an error, since the callback has already handled encrypt_pending and sge restoration.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Assigner

Linux

References

7 references

URL	Tags
https://git.kernel.org/stable/c/414fc5e5a5aff776c…
https://git.kernel.org/stable/c/02f3ecadb23558bbe…
https://git.kernel.org/stable/c/0e43e0a3c94044acc…
https://git.kernel.org/stable/c/aa9facde6c5005205…
https://git.kernel.org/stable/c/5d70eb25b41e9b010…
https://git.kernel.org/stable/c/2694d408b0e595024…
https://git.kernel.org/stable/c/a9b8b18364fffce4c…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 3ade391adc584f17b5570fd205de3ad029090368 , < 414fc5e5a5aff776c150f1b86770e0a25a35df3a (git) Affected: cd1bbca03f3c1d845ce274c0d0a66de8e5929f72 , < 02f3ecadb23558bbe068e6504118f1b712d4ece0 (git) Affected: 13eca403876bbea3716e82cdfe6f1e6febb38754 , < 0e43e0a3c94044acc74b8e0927c27972eb5a59e8 (git) Affected: 8590541473188741055d27b955db0777569438e3 , < aa9facde6c5005205874c37db3fd25799d741baf (git) Affected: 8590541473188741055d27b955db0777569438e3 , < 5d70eb25b41e9b010828cd12818b06a0c3b04412 (git) Affected: 8590541473188741055d27b955db0777569438e3 , < 2694d408b0e595024e0fc1d64ff9db0358580f74 (git) Affected: 8590541473188741055d27b955db0777569438e3 , < a9b8b18364fffce4c451e6f6fd218fa4ab646705 (git) Affected: ab6397f072e5097f267abf5cb08a8004e6b17694 (git) Affected: 5.15.160 , < 5.15.203 (semver) Affected: 6.1.84 , < 6.1.169 (semver) Affected: 6.6.18 , < 6.6.135 (semver) Affected: 6.7.6 , < 6.8 (semver)
Linux	Linux	Affected: 6.8 Unaffected: 0 , < 6.8 (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.169 , ≤ 6.1.* (semver) Unaffected: 6.6.135 , ≤ 6.6.* (semver) Unaffected: 6.12.82 , ≤ 6.12.* (semver) Unaffected: 6.18.23 , ≤ 6.18.* (semver) Unaffected: 6.19.13 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "414fc5e5a5aff776c150f1b86770e0a25a35df3a",
              "status": "affected",
              "version": "3ade391adc584f17b5570fd205de3ad029090368",
              "versionType": "git"
            },
            {
              "lessThan": "02f3ecadb23558bbe068e6504118f1b712d4ece0",
              "status": "affected",
              "version": "cd1bbca03f3c1d845ce274c0d0a66de8e5929f72",
              "versionType": "git"
            },
            {
              "lessThan": "0e43e0a3c94044acc74b8e0927c27972eb5a59e8",
              "status": "affected",
              "version": "13eca403876bbea3716e82cdfe6f1e6febb38754",
              "versionType": "git"
            },
            {
              "lessThan": "aa9facde6c5005205874c37db3fd25799d741baf",
              "status": "affected",
              "version": "8590541473188741055d27b955db0777569438e3",
              "versionType": "git"
            },
            {
              "lessThan": "5d70eb25b41e9b010828cd12818b06a0c3b04412",
              "status": "affected",
              "version": "8590541473188741055d27b955db0777569438e3",
              "versionType": "git"
            },
            {
              "lessThan": "2694d408b0e595024e0fc1d64ff9db0358580f74",
              "status": "affected",
              "version": "8590541473188741055d27b955db0777569438e3",
              "versionType": "git"
            },
            {
              "lessThan": "a9b8b18364fffce4c451e6f6fd218fa4ab646705",
              "status": "affected",
              "version": "8590541473188741055d27b955db0777569438e3",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ab6397f072e5097f267abf5cb08a8004e6b17694",
              "versionType": "git"
            },
            {
              "lessThan": "5.15.203",
              "status": "affected",
              "version": "5.15.160",
              "versionType": "semver"
            },
            {
              "lessThan": "6.1.169",
              "status": "affected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.135",
              "status": "affected",
              "version": "6.6.18",
              "versionType": "semver"
            },
            {
              "lessThan": "6.8",
              "status": "affected",
              "version": "6.7.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_sw.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.203",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.135",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.82",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.203",
                  "versionStartIncluding": "5.15.160",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.169",
                  "versionStartIncluding": "6.1.84",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.135",
                  "versionStartIncluding": "6.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.82",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.23",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.13",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tls: fix use-after-free in -EBUSY error path of tls_do_encryption\n\nThe -EBUSY handling in tls_do_encryption(), introduced by commit\n859054147318 (\"net: tls: handle backlogging of crypto requests\"), has\na use-after-free due to double cleanup of encrypt_pending and the\nscatterlist entry.\n\nWhen crypto_aead_encrypt() returns -EBUSY, the request is enqueued to\nthe cryptd backlog and the async callback tls_encrypt_done() will be\ninvoked upon completion. That callback unconditionally restores the\nscatterlist entry (sge-\u003eoffset, sge-\u003elength) and decrements\nctx-\u003eencrypt_pending. However, if tls_encrypt_async_wait() returns an\nerror, the synchronous error path in tls_do_encryption() performs the\nsame cleanup again, double-decrementing encrypt_pending and\ndouble-restoring the scatterlist.\n\nThe double-decrement corrupts the encrypt_pending sentinel (initialized\nto 1), making tls_encrypt_async_wait() permanently skip the wait for\npending async callbacks. A subsequent sendmsg can then free the\ntls_rec via bpf_exec_tx_verdict() while a cryptd callback is still\npending, resulting in a use-after-free when the callback fires on the\nfreed record.\n\nFix this by skipping the synchronous cleanup when the -EBUSY async\nwait returns an error, since the callback has already handled\nencrypt_pending and sge restoration."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T16:05:17.591Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/414fc5e5a5aff776c150f1b86770e0a25a35df3a"
        },
        {
          "url": "https://git.kernel.org/stable/c/02f3ecadb23558bbe068e6504118f1b712d4ece0"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e43e0a3c94044acc74b8e0927c27972eb5a59e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa9facde6c5005205874c37db3fd25799d741baf"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d70eb25b41e9b010828cd12818b06a0c3b04412"
        },
        {
          "url": "https://git.kernel.org/stable/c/2694d408b0e595024e0fc1d64ff9db0358580f74"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9b8b18364fffce4c451e6f6fd218fa4ab646705"
        }
      ],
      "title": "net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31533",
    "datePublished": "2026-04-23T15:11:06.955Z",
    "dateReserved": "2026-03-09T15:48:24.113Z",
    "dateUpdated": "2026-05-23T16:05:17.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1265

CVE-2026-31533 (GCVE-0-2026-31533)

Tags

Sightings

Nomenclature