CVE-2026-31671
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
An information leak was discovered in the build_report() function in the xfrm_user subsystem of the Linux kernel. The xfrm_user_report structure contains unzeroed padding bytes that are copied to userspace, potentially exposing kernel memory.
Risk Assessment
A local user may read fragments of kernel memory, which could lead to disclosure of sensitive information or facilitate further attacks on the system.
Recommendation
Immediately update the Linux kernel to a version containing the fix that zeroes the structure before filling it.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report() struct xfrm_user_report is a __u8 proto field followed by a struct xfrm_selector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace. Fix that up by zeroing the structure before setting individual member variables.

