CVE-2026-31668 · threatengine.sh

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths

CVE

CVE-2026-31668

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dst_cache per encap route, shared between seg6_input_core() and seg6_output_core(). These two paths can perform the post-encap SID lookup in different routing contexts (e.g., ip rules matching on the ingress interface, or VRF table separation). Whichever path runs first populates the cache, and the other reuses it blindly, bypassing its own lookup.

Fix this by splitting the cache into cache_input and cache_output, so each path maintains its own cached dst independently.

CRITICAL · CVSS 9.8 EPSS 0.00076

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

▤

Affected Products & Versions

8

linux kernel>= 4.10.1 and < 5.10.253
linux kernel>= 5.11 and < 5.15.203
linux kernel>= 5.16 and < 6.1.169
linux kernel>= 6.2 and < 6.6.135
linux kernel>= 6.7 and < 6.12.82
linux kernel>= 6.13 and < 6.18.23
linux kernel>= 6.19 and < 6.19.13
linux kernelall versions

▣

Scoring & Timeline

9.8

CRITICAL · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD24 Apr 2026 · 03:16 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

⚑

Vendor Advisories

1

msrcCVE-2026-31668

🔗

References & Sources

8

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/17d87d42874f5d6c1a0ccc6d9190dfe82a9a7a6aPatch

https://git.kernel.org/stable/c/1dec91d3b1cefb82635761b7812154af3ef46449Patch

https://git.kernel.org/stable/c/57d0374d14fa667dec6952173b93e7e84486d5c9Patch

https://git.kernel.org/stable/c/6305ad032b03d2ea4181b953a66e19a9a6ed053cPatch

https://git.kernel.org/stable/c/750569d6987a0ff46317a4b86eb3907e296287bfPatch

https://git.kernel.org/stable/c/84d458018b147176b259347103fccb7e93abd2b1Patch

Show all 8 references

https://git.kernel.org/stable/c/c3812651b522fe8437ebb7063b75ddb95b571643Patch

https://git.kernel.org/stable/c/fb56de5d99218de49d5d43ef3a99e062ecd0f9a1Patch

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin