{"id":"CVE-2026-23331","summary":"udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected.","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nudp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected.\n\nLet's say we bind() an UDP socket to the wildcard address with a\nnon-zero port, connect() it to an address, and disconnect it from\nthe address.\n\nbind() sets SOCK_BINDPORT_LOCK on sk-\u003esk_userlocks (but not\nSOCK_BINDADDR_LOCK), and connect() calls udp_lib_hash4() to put\nthe socket into the 4-tuple hash table.\n\nThen, __udp_disconnect() calls sk-\u003esk_prot-\u003erehash(sk).\n\nIt computes a new hash based on the wildcard address and moves\nthe socket to a new slot in the 4-tuple hash table, leaving a\ngarbage in the chain that no packet hits.\n\nLet's remove such a socket from 4-tuple hash table when disconnected.\n\nNote that udp_sk(sk)-\u003eudp_portaddr_hash needs to be udpated after\nudp_hash4_dec(hslot2) in udp_unhash4().","modified":"2026-04-02T13:12:21.601957Z","published":"2026-03-25T10:27:22.526Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23331.json"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3b8f104880c104151f8c30f2f89df81fb59a286c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6996a2d2d0a64808c19c98002aeb5d9d1b2df6a4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b955350778b8715e1b7885179979b3a68221c0fb"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23331.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23331"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"78c91ae2c6deb5d236a5a93ff2995cdd05514380"},{"fixed":"b955350778b8715e1b7885179979b3a68221c0fb"},{"fixed":"3b8f104880c104151f8c30f2f89df81fb59a286c"},{"fixed":"6996a2d2d0a64808c19c98002aeb5d9d1b2df6a4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23331.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23331.json"}}],"schema_version":"1.7.5"}