๐Ÿ” CVE Alert

CVE-2026-31532

HIGH 7.8

can: raw: fix ro->uniq use-after-free in raw_rcv()

CVSS Score: 7.8
EPSS Score: 0.0%
EPSS Percentile: 0th

In the Linux kernel, the following vulnerability has been resolved:

can: raw: fix ro->uniq use-after-free in raw_rcv()

raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but receiver deletion is deferred with call_rcu(). This leaves a window where raw_rcv() may still be running in an RCU read-side critical section after raw_release() frees ro->uniq, leading to a use-after-free of the percpu uniq storage.

Move free_percpu(ro->uniq) out of raw_release() and into a raw-specific socket destructor. can_rx_unregister() takes an extra reference to the socket and only drops it from the RCU callback, so freeing uniq from sk_destruct ensures the percpu area is not released until the relevant callbacks have drained.

[mkl: applied manually]

Vendor: linux
Product: linux
Ecosystems
Industries
Technology
Published: Apr 23, 2026
Last Updated: Jun 1, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

Linux / Linux
514ac99c64b22d83b52dfee3b8becaa69a92bc4a < 1de30576a6dfeaaa27ef91fa272e6b9240b6fbd3 514ac99c64b22d83b52dfee3b8becaa69a92bc4a < 64c8553decf5a5f2417bd54761ea0a832c56c4ca 514ac99c64b22d83b52dfee3b8becaa69a92bc4a < 3f43f12fde34737fba091b7e3ab391e14ddbb0be 514ac99c64b22d83b52dfee3b8becaa69a92bc4a < 5e9cfffad898bbeaafd0ea608a6d267362f050fc 514ac99c64b22d83b52dfee3b8becaa69a92bc4a < 572f0bf536ebc14f6e7da3d21a85cf076de8358e 514ac99c64b22d83b52dfee3b8becaa69a92bc4a < 1a0f2de81f7fbdc538fc72d7d74609b79bc83cc0 514ac99c64b22d83b52dfee3b8becaa69a92bc4a < 7201a531b9a5ed892bfda5ded9194ef622de8ffa 514ac99c64b22d83b52dfee3b8becaa69a92bc4a < 34c1741254ff972e8375faf176678a248826fe3a 514ac99c64b22d83b52dfee3b8becaa69a92bc4a < a535a9217ca3f2fccedaafb2fddb4c48f27d36dc
Linux / Linux
4.1

References

NVD, CVE.org, EPSS Data
git.kernel.org: https://git.kernel.org/stable/c/1de30576a6dfeaaa27ef91fa272e6b9240b6fbd3
git.kernel.org: https://git.kernel.org/stable/c/64c8553decf5a5f2417bd54761ea0a832c56c4ca
git.kernel.org: https://git.kernel.org/stable/c/3f43f12fde34737fba091b7e3ab391e14ddbb0be
git.kernel.org: https://git.kernel.org/stable/c/5e9cfffad898bbeaafd0ea608a6d267362f050fc
git.kernel.org: https://git.kernel.org/stable/c/572f0bf536ebc14f6e7da3d21a85cf076de8358e
git.kernel.org: https://git.kernel.org/stable/c/1a0f2de81f7fbdc538fc72d7d74609b79bc83cc0
git.kernel.org: https://git.kernel.org/stable/c/7201a531b9a5ed892bfda5ded9194ef622de8ffa
git.kernel.org: https://git.kernel.org/stable/c/34c1741254ff972e8375faf176678a248826fe3a
git.kernel.org: https://git.kernel.org/stable/c/a535a9217ca3f2fccedaafb2fddb4c48f27d36dc