CVE-2026-23331

UNKNOWN 0.0

udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected.

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected. Let's say we bind() an UDP socket to the wildcard address with a non-zero port, connect() it to an address, and disconnect it from the address. bind() sets SOCK_BINDPORT_LOCK on sk->sk_userlocks (but not SOCK_BINDADDR_LOCK), and connect() calls udp_lib_hash4() to put the socket into the 4-tuple hash table. Then, __udp_disconnect() calls sk->sk_prot->rehash(sk). It computes a new hash based on the wildcard address and moves the socket to a new slot in the 4-tuple hash table, leaving a garbage in the chain that no packet hits. Let's remove such a socket from 4-tuple hash table when disconnected. Note that udp_sk(sk)->udp_portaddr_hash needs to be udpated after udp_hash4_dec(hslot2) in udp_unhash4().

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Mar 25, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

78c91ae2c6deb5d236a5a93ff2995cdd05514380 < b955350778b8715e1b7885179979b3a68221c0fb 78c91ae2c6deb5d236a5a93ff2995cdd05514380 < 3b8f104880c104151f8c30f2f89df81fb59a286c 78c91ae2c6deb5d236a5a93ff2995cdd05514380 < 6996a2d2d0a64808c19c98002aeb5d9d1b2df6a4

Linux / Linux

6.13

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/b955350778b8715e1b7885179979b3a68221c0fb git.kernel.org: https://git.kernel.org/stable/c/3b8f104880c104151f8c30f2f89df81fb59a286c git.kernel.org: https://git.kernel.org/stable/c/6996a2d2d0a64808c19c98002aeb5d9d1b2df6a4