Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-31471

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_data after clone setup iptfs_clone_state() stores x->mode_data before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x->mode_data pointing at freed memory. The xfrm clone unwind later runs destroy_state() through x->mode_data, so the failed clone path tears down IPTFS state that clone_state() already freed. Keep the cloned IPTFS state private until all allocations succeed so failed clones leave x->mode_data unset. The destroy path already handles a NULL mode_data pointer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 2.7%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2026-31471


Contact Us

Shodan ® - All rights reserved