CVE-2026-31678
openvswitch: defer tunnel netdev_put to RCU release
Description
In the Linux kernel, the following vulnerability has been resolved: openvswitch: defer tunnel netdev_put to RCU release ovs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already detached the device. Dropping the netdev reference in destroy can race with concurrent readers that still observe vport->dev. Do not release vport->dev in ovs_netdev_tunnel_destroy(). Instead, let vport_netdev_free() drop the reference from the RCU callback, matching the non-tunnel destroy path and avoiding additional synchronization under RTNL.
INFO
Published Date :
April 25, 2026, 9:16 a.m.
Last Modified :
April 25, 2026, 9:16 a.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products
The following products are affected by CVE-2026-31678
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Do not release netdev in tunnel destroy function.
- Let RCU callback drop netdev reference.
- Match non-tunnel destroy path.
- Avoid additional synchronization under RTNL.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2026-31678.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2026-31678 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2026-31678
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-31678 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2026-31678 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 25, 2026
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: defer tunnel netdev_put to RCU release ovs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already detached the device. Dropping the netdev reference in destroy can race with concurrent readers that still observe vport->dev. Do not release vport->dev in ovs_netdev_tunnel_destroy(). Instead, let vport_netdev_free() drop the reference from the RCU callback, matching the non-tunnel destroy path and avoiding additional synchronization under RTNL. Added Reference https://git.kernel.org/stable/c/42f0d3d81209654c08ffdde5a34b9b92d2645896 Added Reference https://git.kernel.org/stable/c/6931d21f87bc6d657f145798fad0bf077b82486c Added Reference https://git.kernel.org/stable/c/98b726ab5e2a4811e27c28e4d041f75bba147eab Added Reference https://git.kernel.org/stable/c/9d56aced21fb9c104e8a3f3be9b21fbafe448ffc Added Reference https://git.kernel.org/stable/c/b8c56a3fc5d879c0928f207a756b0f067f06c6a8 Added Reference https://git.kernel.org/stable/c/bbe7bd722bfaea36aab3da6cc60fb4a05c644643