CVE-2026-31532
Description
In the Linux kernel, the following vulnerability has been resolved:
can: raw: fix ro->uniq use-after-free in raw_rcv()
raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but receiver deletion is deferred with call_rcu(). This leaves a window where raw_rcv() may still be running in an RCU read-side critical section after raw_release() frees ro->uniq, leading to a use-after-free of the percpu uniq storage.
Move free_percpu(ro->uniq) out of raw_release() and into a raw-specific socket destructor. can_rx_unregister() takes an extra reference to the socket and only drops it from the RCU callback, so freeing uniq from sk_destruct ensures the percpu area is not released until the relevant callbacks have drained.
[mkl: applied manually]
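The lifetime rule in the description can be modelled in userspace. This is an added example, not kernel code and not part of the patch: `model_sock`, `put_sock` and `simulate` are hypothetical names, and the RCU grace period is reduced to a fixed ordering of steps.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed userspace model; names are illustrative, not kernel symbols. */
enum { RCV_SAW_VALID_UNIQ = 1, UNIQ_RELEASED_AT_END = 2 };

struct model_sock {
    int refs;   /* socket reference count */
    int *uniq;  /* stands in for the percpu ro->uniq area */
};

/* Drop one reference; the last drop is the socket destructor path. */
static void put_sock(struct model_sock *sk, int free_in_destructor)
{
    if (--sk->refs == 0 && free_in_destructor) {
        free(sk->uniq);
        sk->uniq = NULL;
    }
}

/* One close() racing with one in-flight receive, in the order described. */
static int simulate(int free_in_destructor)
{
    struct model_sock sk = { .refs = 1, .uniq = calloc(1, sizeof(int)) };
    int result = 0;

    if (!sk.uniq)
        return -1;
    sk.refs++;                      /* unregister pins the socket, defers deletion */
    if (!free_in_destructor) {      /* pre-fix: release frees uniq right away */
        free(sk.uniq);
        sk.uniq = NULL;
    }
    put_sock(&sk, free_in_destructor);  /* release drops the caller's reference */

    if (sk.uniq) {                  /* receiver still inside its read-side section */
        (*sk.uniq)++;
        result |= RCV_SAW_VALID_UNIQ;
    }                               /* else: the real code would touch freed memory */

    put_sock(&sk, free_in_destructor);  /* deferred callback drops the pinned ref */
    if (sk.refs == 0 && sk.uniq == NULL)
        result |= UNIQ_RELEASED_AT_END;
    return result;
}

int main(void)
{
    printf("free in release:    %d\n", simulate(0));
    printf("free in destructor: %d\n", simulate(1));
    return 0;
}
```

In both orderings the storage is released once the references drain; only the destructor ordering keeps it valid for the late receiver.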
Affected products
References
- git.kernel.org/stable/c/1a0f2de81f7fbdc538fc72d7d74609b79bc83cc0 (nvd, Patch)
- git.kernel.org/stable/c/34c1741254ff972e8375faf176678a248826fe3a (nvd, Patch)
- git.kernel.org/stable/c/572f0bf536ebc14f6e7da3d21a85cf076de8358e (nvd, Patch)
- git.kernel.org/stable/c/5e9cfffad898bbeaafd0ea608a6d267362f050fc (nvd, Patch)
- git.kernel.org/stable/c/7201a531b9a5ed892bfda5ded9194ef622de8ffa (nvd, Patch)
- git.kernel.org/stable/c/a535a9217ca3f2fccedaafb2fddb4c48f27d36dc (nvd, Patch)
- git.kernel.org/stable/c/1de30576a6dfeaaa27ef91fa272e6b9240b6fbd3 (nvd)
- git.kernel.org/stable/c/3f43f12fde34737fba091b7e3ab391e14ddbb0be (nvd)
- git.kernel.org/stable/c/64c8553decf5a5f2417bd54761ea0a832c56c4ca (nvd)