CVE Vulnerability Details: CVE-2026-31673
PUBLISHED
Assigner: Linux
Assigner Org ID: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At: 25 Apr, 2026 | 08:46
Updated At: 27 Apr, 2026 | 14:04
CVE Numbering Authority (CNA)
af_unix: read UNIX_DIAG_VFS data under unix_state_lock

In the Linux kernel, the following vulnerability has been resolved:

af_unix: read UNIX_DIAG_VFS data under unix_state_lock

Exact UNIX diag lookups hold a reference to the socket, but not to u->path. Meanwhile, unix_release_sock() clears u->path under unix_state_lock() and drops the path reference after unlocking.

Read the inode and device numbers for UNIX_DIAG_VFS while holding unix_state_lock(), then emit the netlink attribute after dropping the lock.

This keeps the VFS data stable while the reply is being built.

Affected Products
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/unix/diag.c
Default Status
unaffected
Versions
Affected
  • From 5f7b0569460b7d8d01ca776430a00505a68b7584 before b9232421a77a649c9376c99fdfc8cb7f79cad34c (git)
  • From 5f7b0569460b7d8d01ca776430a00505a68b7584 before 0c739f3785f84af695952c2bac8be2f45082c9b8 (git)
  • From 5f7b0569460b7d8d01ca776430a00505a68b7584 before 900a4e0910e98b8caef117d5df00471fa438dcf9 (git)
  • From 5f7b0569460b7d8d01ca776430a00505a68b7584 before bdf206e740bf2919d818f132c8c9cc7ed91d11c0 (git)
  • From 5f7b0569460b7d8d01ca776430a00505a68b7584 before 39897df386376912d561d4946499379effa1e7ef (git)
Vendor
Linux Kernel Organization, Inc (Linux)
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • net/unix/diag.c
Default Status
affected
Versions
Affected
  • 3.3
Unaffected
  • From 0 before 3.3 (semver)
  • From 6.6.136 through 6.6.* (semver)
  • From 6.12.83 through 6.12.* (semver)
  • From 6.18.24 through 6.18.* (semver)
  • From 6.19.14 through 6.19.* (semver)
  • From 7.0 through * (original_commit_for_fix)
Metrics
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
  • https://git.kernel.org/stable/c/b9232421a77a649c9376c99fdfc8cb7f79cad34c
  • https://git.kernel.org/stable/c/0c739f3785f84af695952c2bac8be2f45082c9b8
  • https://git.kernel.org/stable/c/900a4e0910e98b8caef117d5df00471fa438dcf9
  • https://git.kernel.org/stable/c/bdf206e740bf2919d818f132c8c9cc7ed91d11c0
  • https://git.kernel.org/stable/c/39897df386376912d561d4946499379effa1e7ef