CVE-2026-31532

EUVD-2026-25219

23.04.2026, 12:17

In the Linux kernel, the following vulnerability has been resolved:

can: raw: fix ro->uniq use-after-free in raw_rcv()

raw_release() unregisters raw CAN receive filters via can_rx_unregister(),
but receiver deletion is deferred with call_rcu(). This leaves a window
where raw_rcv() may still be running in an RCU read-side critical section
after raw_release() frees ro->uniq, leading to a use-after-free of the
percpu uniq storage.

Move free_percpu(ro->uniq) out of raw_release() and into a raw-specific
socket destructor. can_rx_unregister() takes an extra reference to the
socket and only drops it from the RCU callback, so freeing uniq from
sk_destruct ensures the percpu area is not released until the relevant
callbacks have drained.

[mkl: applied manually]

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	4.1 ≤ 𝑥 ≤ 6.6.136
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.83
linux	linux_kernel	6.18 ≤ 𝑥 < 6.18.24
linux	linux_kernel	6.19 ≤ 𝑥 < 6.19.14
linux	linux_kernel	7.0 ≤ 𝑥 < 7.0.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	7.0.10-1 fixed
sid	7.0.10-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.90-2 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

bpftool

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed

kernel

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-64k

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-debug

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-debug-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-debug-devel

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-debug-devel-matched

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-debug-modules

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-debug-modules-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-debug-modules-extra

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-devel

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-devel-matched

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-modules

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-modules-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-64k-modules-extra

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-abi-stablelists

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-core

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-debug

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-debug-core

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-debug-devel

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-debug-devel-matched

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-debug-modules

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-debug-modules-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-debug-modules-extra

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-debug-uki-virt

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-devel

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-devel-matched

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-doc

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-modules

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-modules-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-modules-extra

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-rt

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-rt-64k

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-debug

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-debug-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-debug-devel

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-debug-modules

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-debug-modules-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-debug-modules-extra

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-devel

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-modules

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-modules-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-64k-modules-extra

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-core

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-rt-debug

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-rt-debug-core

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-rt-debug-devel

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-rt-debug-kvm

RHEL 8

0:4.18.0-553.126.1.rt7.467.el8_10

fixed

kernel-rt-debug-modules

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-rt-debug-modules-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-debug-modules-extra

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-rt-devel

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-rt-kvm

RHEL 8

0:4.18.0-553.126.1.rt7.467.el8_10

fixed

kernel-rt-modules

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-rt-modules-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-rt-modules-extra

RHEL 8	0:4.18.0-553.126.1.rt7.467.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-tools

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-tools-libs

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-tools-libs-devel

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-uki-virt

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-uki-virt-addons

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-zfcpdump

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-zfcpdump-core

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-zfcpdump-devel

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-zfcpdump-devel-matched

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-zfcpdump-modules

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

kernel-zfcpdump-modules-core

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

kernel-zfcpdump-modules-extra

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

libperf

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

perf

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

python3-perf

RHEL 8	0:4.18.0-553.126.1.el8_10 fixed
RHEL 8.4 AUS	0:4.18.0-305.192.1.el8_4 fixed
RHEL 8.8 E4S	0:4.18.0-477.143.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.143.1.el8_8 fixed
RHEL 9	0:5.14.0-687.10.1.el9_8 fixed

rtla

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

RHEL 9

0:5.14.0-687.10.1.el9_8

fixed

Amazon Linux Releases

Amazon Package

Release

bpftool

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

bpftool-debuginfo

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

bpftool6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

bpftool6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

bpftool6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

bpftool6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel-debuginfo

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel-debuginfo-common-aarch64

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel-debuginfo-common-x86_64

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel-devel

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel-headers

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel-livepatch-6.1.174-217.345

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel-livepatch-6.12.83-113.160

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel-livepatch-6.18.25-55.108

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel-modules-extra

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel-modules-extra-common

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel-tools

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel-tools-debuginfo

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel-tools-devel

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

kernel6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-debuginfo-common-aarch64

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-debuginfo-common-x86_64

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-devel

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-headers

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-modules-extra

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-modules-extra-common

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-tools

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-tools-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.12-tools-devel

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

kernel6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-debuginfo-common-aarch64

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-debuginfo-common-x86_64

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-devel

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-headers

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-modules-extra

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-modules-extra-common

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-tools

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-tools-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

kernel6.18-tools-devel

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

perf

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

perf-debuginfo

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

perf6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

perf6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

perf6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

perf6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

python3-perf

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

python3-perf-debuginfo

Amazon Linux 2023

1:6.1.174-217.345.amzn2023

fixed

python3-perf6.12

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

python3-perf6.12-debuginfo

Amazon Linux 2023

1:6.12.83-113.160.amzn2023

fixed

python3-perf6.18

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

python3-perf6.18-debuginfo

Amazon Linux 2023

1:6.18.25-55.108.amzn2023

fixed

Azure Linux Releases

Azure Package

Release

kernel

Azure Linux 3.0

0:6.6.137.1-1.azl3

fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen, Sicherheitsmaßnahmen zu umgehen, Informationen offenzulegen, andere nicht näher spezifizierte Auswirkungen zu verursachen und möglicherweise Code auszuführen.
Published: 2026-04-22T22:00:00+00:00

References

https://git.kernel.org/stable/c/1a0f2de81f7fbdc538fc72d7d74609b79bc83cc0

https://git.kernel.org/stable/c/1de30576a6dfeaaa27ef91fa272e6b9240b6fbd3

https://git.kernel.org/stable/c/34c1741254ff972e8375faf176678a248826fe3a

https://git.kernel.org/stable/c/3f43f12fde34737fba091b7e3ab391e14ddbb0be

https://git.kernel.org/stable/c/572f0bf536ebc14f6e7da3d21a85cf076de8358e

https://git.kernel.org/stable/c/5e9cfffad898bbeaafd0ea608a6d267362f050fc

https://git.kernel.org/stable/c/64c8553decf5a5f2417bd54761ea0a832c56c4ca

https://git.kernel.org/stable/c/7201a531b9a5ed892bfda5ded9194ef622de8ffa

https://git.kernel.org/stable/c/a535a9217ca3f2fccedaafb2fddb4c48f27d36dc