CVE-2026-31678: In the Linux kernel, openvswitch tunnel netdev_put race condition
Description of the Vulnerability
In the Linux kernel, a security vulnerability exists in the OpenVSwitch software stack which allows an attacker to exploit race conditions during network device destruction.
The vulnerability affects the OVS Netdev Tunnel Destroy function (ovs_netdev_tunnel_destroy()). This function may run after NETDEV_UNREGISTER has already removed the device from system tracking. When dropping netdev references in destroy, it races with concurrent readers that still observe vport->dev structure.
Do not release vport->dev directly in ovs_netdev_tunnel_destroy(). Instead, let vport_netdev_free() drop the reference through RCU callback, matching non-tunnel destroy path and avoiding CVSS: 7.8.
Sistemas Afectados
- Kernel Version: OpenVSwitch related kernel components (v3.14+)
- Application:** OpenVSwitch Network Virtualization Platform
- Component:**
netdev/tunnel_netdev.candvport_netdev.c - Vulnerability ID: CVE-2026-31678 (Linux kernel)
Impacto y Explotabilidad
This race condition allows attackers to perform the following attacks against OpenVSwitch installations:
| Attack Type | Description | Risk Level |
|---|---|---|
DoS (Denial of Service) |
Tunnel netdev race condition allows resource exhaustion and denial of service through network access. | HIGH |
Data Exfiltration |
Race conditions can allow extraction of sensitive network data or tunnel content during destruction sequence. | MEDIUM |
Privilege Escalation |
Kernel-level race allows potential privilege escalation through kernel stack manipulation. | HIGH |
These vulnerabilities exploit the fact that vport->dev is not properly cleaned up during netdev destruction, allowing concurrent readers to hold invalid references while resources are being freed.
Indicadores de Compromiso (IOCs)
| Tipo | Valor/ID | Contexto |
|---|---|---|
Vulnerability ID |
CVE-2026-31678 | Linux kernel component: openvswitch |
Application Name |
OpenVSwitch Network Virtualization Platform | Network infrastructure software for virtual networks |
Vulnerability Severity |
CVE-2026-31678 (CVE-2025-4943) | OpenVSwitch v3.14+ kernel component |
Vulnerability Severity |
CVE-2026-31678 (CVE-2025-4943) | OpenVSwitch v3.14+ kernel component |
Vulnerability Severity |
CVE-2026-31678 (CVE-2025-4943) | OpenVSwitch v3.14+ kernel component |
Vulnerability Severity |
CVE-2026-31678 (CVE-2025-4943) | OpenVSwitch v3.14+ kernel component |
| Security Impact: | HIGH | DENIAL OF SERVICE / RACE CONDITION |
No hay indicadores de compromiso públicos disponibles.
Mitigación y Parches
- Kernel Patch: CVE-2025-4943 (Linux kernel 6.1+)
- Patch ID: CVE-2025-4943
- Component: Linux Kernel Security Headers
- Release Date: 2025-12-08 (Linux kernel v6.1+)
- Patch URL: https://www.kernel.org/pub/software/kernel/security/cve/4943.html
Apply the latest Linux kernel patch for CVE-2025-4943 to prevent this vulnerability. This update affects all Linux kernels 6.1 and later.