[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-31419":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":68,"related":69,"reserved_at":9,"published_at":70,"modified_at":71,"state":72,"summary":73,"references_raw":82,"kevs":101,"epss":102,"epss_history":105,"metrics":258,"affected":266},"CVE-2026-31419","In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: fix use-after-free in bond_xmit_broadcast()\n\nbond_xmit_broadcast() reuses the original skb for the last slave\n(determined by bond_is_last_slave()) and clones it for others.\nConcurrent slave enslave/release can mutate the slave list during\nRCU-protected iteration, changing which slave is \"last\" mid-loop.\nThis causes the original skb to be double-consumed (double-freed).\n\nReplace the racy bond_is_last_slave() check with a simple index\ncomparison (i + 1 == slaves_count) against the pre-snapshot slave\ncount taken via READ_ONCE() before the loop.  This preserves the\nzero-copy optimization for the last slave while making the \"last\"\ndetermination stable against concurrent list mutations.\n\nThe UAF can trigger the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in skb_clone\nRead of size 8 at addr ffff888100ef8d40 by task exploit/147\n\nCPU: 1 UID: 0 PID: 147 Comm: exploit Not tainted 7.0.0-rc3+ #4 PREEMPTLAZY\nCall Trace:\n \u003CTASK>\n dump_stack_lvl (lib/dump_stack.c:123)\n print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n kasan_report (mm/kasan/report.c:597)\n skb_clone (include/linux/skbuff.h:1724 include/linux/skbuff.h:1792 include/linux/skbuff.h:3396 net/core/skbuff.c:2108)\n bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5334)\n bond_start_xmit (drivers/net/bonding/bond_main.c:5567 drivers/net/bonding/bond_main.c:5593)\n dev_hard_start_xmit (include/linux/netdevice.h:5325 include/linux/netdevice.h:5334 net/core/dev.c:3871 net/core/dev.c:3887)\n __dev_queue_xmit (include/linux/netdevice.h:3601 net/core/dev.c:4838)\n ip6_finish_output2 (include/net/neighbour.h:540 include/net/neighbour.h:554 net/ipv6/ip6_output.c:136)\n ip6_finish_output (net/ipv6/ip6_output.c:208 net/ipv6/ip6_output.c:219)\n ip6_output (net/ipv6/ip6_output.c:250)\n ip6_send_skb (net/ipv6/ip6_output.c:1985)\n udp_v6_send_skb (net/ipv6/udp.c:1442)\n udpv6_sendmsg (net/ipv6/udp.c:1733)\n __sys_sendto (net/socket.c:730 net/socket.c:742 net/socket.c:2206)\n __x64_sys_sendto (net/socket.c:2209)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n \u003C/TASK>\n\nAllocated by task 147:\n\nFreed by task 147:\n\nThe buggy address belongs to the object at ffff888100ef8c80\n which belongs to the cache skbuff_head_cache of size 224\nThe buggy address is located 192 bytes inside of\n freed 224-byte region [ffff888100ef8c80, ffff888100ef8d60)\n\nMemory state around the buggy address:\n ffff888100ef8c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888100ef8c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n>ffff888100ef8d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n                                                    ^\n ffff888100ef8d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb\n ffff888100ef8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n==================================================================",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],[],[],[],[24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66],{"_key":25},"DEBIAN-CVE-2026-31419",{"_key":27},"USN-8277-1",{"_key":29},"USN-8279-1",{"_key":31},"USN-8278-1",{"_key":33},"USN-8289-1",{"_key":35},"USN-8277-2",{"_key":37},"USN-8278-2",{"_key":39},"USN-8279-3",{"_key":41},"USN-8289-2",{"_key":43},"USN-8305-1",{"_key":45},"USN-8305-2",{"_key":47},"USN-8310-1",{"_key":49},"USN-8350-1",{"_key":51},"USN-8351-1",{"_key":53},"USN-8374-1",{"_key":55},"RHSA-2026:13566",{"_key":57},"RHSA-2026:19521",{"_key":59},"RHSA-2026:21209",{"_key":61},"RHSA-2026:22334",{"_key":63},"RHSA-2026:22900",{"_key":65},"RHSA-2026:22940",{"_key":67},"UBUNTU-CVE-2026-31419",[],[],"2026-04-13T13:40:23.279Z","2026-05-23T16:04:58.498Z","Analyzed",{"cisa_kev":74,"cisa_ransomware":74,"cisa_vendor":9,"epss_severity":75,"epss_score":76,"severity":77,"severity_score":78,"severity_version":79,"severity_source":80,"severity_vector":81,"severity_status":72},false,"low",0.00013,"high",7.8,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[83,89,93,97],{"url":84,"sources":85,"tags":87},"https://git.kernel.org/stable/c/d4cc7e4c80b1634c7b1497574a2fdb18df6c026c",[80,86],"nvd",[88],"Patch",{"url":90,"sources":91,"tags":92},"https://git.kernel.org/stable/c/f5b94654a4a19891a8108d66ef166de6c028c6cd",[80,86],[88],{"url":94,"sources":95,"tags":96},"https://git.kernel.org/stable/c/2884bf72fb8f03409e423397319205de48adca16",[80,86],[88],{"url":98,"sources":99,"tags":100},"https://git.kernel.org/stable/c/3453882f36c40d2339267093676585a89808a73d",[80,86],[88],[],{"date":103,"score":76,"percentile":104},"2026-06-04",0.02493,[106,110,113,116,119,122,126,129,132,135,138,141,144,147,150,153,156,159,162,165,167,170,173,176,179,182,185,188,190,192,195,198,202,205,207,210,213,216,219,222,225,228,231,234,237,240,243,246,249,251,254,257],{"date":107,"score":108,"percentile":109},"2026-04-14",0.00017,0.03894,{"date":111,"score":108,"percentile":112},"2026-04-15",0.03889,{"date":114,"score":108,"percentile":115},"2026-04-16",0.03904,{"date":117,"score":108,"percentile":118},"2026-04-17",0.03914,{"date":120,"score":108,"percentile":121},"2026-04-18",0.03916,{"date":123,"score":124,"percentile":125},"2026-04-19",0.00022,0.05864,{"date":127,"score":124,"percentile":128},"2026-04-20",0.05855,{"date":130,"score":124,"percentile":131},"2026-04-21",0.06029,{"date":133,"score":124,"percentile":134},"2026-04-22",0.06037,{"date":136,"score":124,"percentile":137},"2026-04-23",0.06057,{"date":139,"score":124,"percentile":140},"2026-04-24",0.06055,{"date":142,"score":124,"percentile":143},"2026-04-25",0.06091,{"date":145,"score":124,"percentile":146},"2026-04-26",0.06085,{"date":148,"score":124,"percentile":149},"2026-04-27",0.06076,{"date":151,"score":76,"percentile":152},"2026-04-28",0.02207,{"date":154,"score":76,"percentile":155},"2026-04-29",0.02217,{"date":157,"score":76,"percentile":158},"2026-04-30",0.022,{"date":160,"score":76,"percentile":161},"2026-05-01",0.02195,{"date":163,"score":76,"percentile":164},"2026-05-02",0.02181,{"date":166,"score":76,"percentile":164},"2026-05-03",{"date":168,"score":76,"percentile":169},"2026-05-04",0.02178,{"date":171,"score":76,"percentile":172},"2026-05-05",0.02174,{"date":174,"score":76,"percentile":175},"2026-05-06",0.02164,{"date":177,"score":76,"percentile":178},"2026-05-07",0.02363,{"date":180,"score":76,"percentile":181},"2026-05-08",0.02376,{"date":183,"score":76,"percentile":184},"2026-05-09",0.02403,{"date":186,"score":76,"percentile":187},"2026-05-10",0.02399,{"date":189,"score":76,"percentile":187},"2026-05-11",{"date":191,"score":76,"percentile":187},"2026-05-12",{"date":193,"score":76,"percentile":194},"2026-05-13",0.02411,{"date":196,"score":76,"percentile":197},"2026-05-14",0.02424,{"date":199,"score":200,"percentile":201},"2026-05-15",0.00015,0.03498,{"date":203,"score":200,"percentile":204},"2026-05-16",0.03506,{"date":206,"score":200,"percentile":204},"2026-05-17",{"date":208,"score":200,"percentile":209},"2026-05-18",0.03477,{"date":211,"score":200,"percentile":212},"2026-05-19",0.03471,{"date":214,"score":200,"percentile":215},"2026-05-20",0.03474,{"date":217,"score":200,"percentile":218},"2026-05-21",0.03472,{"date":220,"score":76,"percentile":221},"2026-05-22",0.02593,{"date":223,"score":76,"percentile":224},"2026-05-23",0.02587,{"date":226,"score":76,"percentile":227},"2026-05-24",0.02556,{"date":229,"score":76,"percentile":230},"2026-05-25",0.02543,{"date":232,"score":76,"percentile":233},"2026-05-26",0.02507,{"date":235,"score":76,"percentile":236},"2026-05-27",0.02524,{"date":238,"score":76,"percentile":239},"2026-05-28",0.02515,{"date":241,"score":76,"percentile":242},"2026-05-29",0.02522,{"date":244,"score":76,"percentile":245},"2026-05-30",0.02545,{"date":247,"score":76,"percentile":248},"2026-05-31",0.02539,{"date":250,"score":76,"percentile":242},"2026-06-01",{"date":252,"score":76,"percentile":253},"2026-06-02",0.02498,{"date":255,"score":76,"percentile":256},"2026-06-03",0.02491,{"date":103,"score":76,"percentile":104},[259,264],{"source":80,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":260,"cvss_v4_0":9},{"baseScore":78,"baseSeverity":261,"vectorString":81,"impactScore":262,"exploitabilityScore":263},"HIGH",9.8,4.6,{"source":86,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":265,"cvss_v4_0":9},{"baseScore":78,"baseSeverity":261,"vectorString":81,"impactScore":262,"exploitabilityScore":263},[267,307],{"ecosystem":9,"name":268,"vendor":269,"product":269,"cpe_part":270,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":271},"Linux","linux","a",[272,279,282,285,288,290,292,294,298,302,306],{"version":273,"is_range":274,"range_type":80,"version_start":275,"version_start_type":276,"version_end":277,"version_end_type":278,"fixed_in":9},">= 4e5bd03ae34652cd932ab4c91c71c511793df75c, \u003C 3453882f36c40d2339267093676585a89808a73d",true,"4e5bd03ae34652cd932ab4c91c71c511793df75c","including","3453882f36c40d2339267093676585a89808a73d","excluding",{"version":280,"is_range":274,"range_type":80,"version_start":275,"version_start_type":276,"version_end":281,"version_end_type":278,"fixed_in":9},">= 4e5bd03ae34652cd932ab4c91c71c511793df75c, \u003C d4cc7e4c80b1634c7b1497574a2fdb18df6c026c","d4cc7e4c80b1634c7b1497574a2fdb18df6c026c",{"version":283,"is_range":274,"range_type":80,"version_start":275,"version_start_type":276,"version_end":284,"version_end_type":278,"fixed_in":9},">= 4e5bd03ae34652cd932ab4c91c71c511793df75c, \u003C f5b94654a4a19891a8108d66ef166de6c028c6cd","f5b94654a4a19891a8108d66ef166de6c028c6cd",{"version":286,"is_range":274,"range_type":80,"version_start":275,"version_start_type":276,"version_end":287,"version_end_type":278,"fixed_in":9},">= 4e5bd03ae34652cd932ab4c91c71c511793df75c, \u003C 2884bf72fb8f03409e423397319205de48adca16","2884bf72fb8f03409e423397319205de48adca16",{"version":289,"is_range":74,"range_type":80,"version_start":289,"version_start_type":276,"version_end":289,"version_end_type":276,"fixed_in":9},"20949c3816463e97c6f8fe84c0280c7e5ae83a8d",{"version":291,"is_range":74,"range_type":80,"version_start":291,"version_start_type":276,"version_end":291,"version_end_type":276,"fixed_in":9},"f1d206181f19b00b275b258fea1418718a2f4173",{"version":293,"is_range":74,"range_type":80,"version_start":293,"version_start_type":276,"version_end":293,"version_end_type":276,"fixed_in":9},"c1f1691ef84fa6d38fa5e5148eca073145e97ffa",{"version":295,"is_range":274,"range_type":80,"version_start":296,"version_start_type":276,"version_end":297,"version_end_type":278,"fixed_in":9},">= 5.10.94, \u003C 5.11","5.10.94","5.11",{"version":299,"is_range":274,"range_type":80,"version_start":300,"version_start_type":276,"version_end":301,"version_end_type":278,"fixed_in":9},">= 5.15.17, \u003C 5.16","5.15.17","5.16",{"version":303,"is_range":274,"range_type":80,"version_start":304,"version_start_type":276,"version_end":305,"version_end_type":278,"fixed_in":9},">= 5.16.3, \u003C 5.17","5.16.3","5.17",{"version":305,"is_range":74,"range_type":80,"version_start":305,"version_start_type":276,"version_end":305,"version_end_type":276,"fixed_in":9},{"ecosystem":9,"name":308,"vendor":269,"product":309,"cpe_part":310,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":311},"linux kernel","linux_kernel","o",[312,315,317,319,322,326,330,332,334,336,338,340],{"version":313,"is_range":274,"range_type":314,"version_start":296,"version_start_type":276,"version_end":297,"version_end_type":278,"fixed_in":9},"gte5.10.94_lt5.11","cpe",{"version":316,"is_range":274,"range_type":314,"version_start":300,"version_start_type":276,"version_end":301,"version_end_type":278,"fixed_in":9},"gte5.15.17_lt5.16",{"version":318,"is_range":274,"range_type":314,"version_start":304,"version_start_type":276,"version_end":305,"version_end_type":278,"fixed_in":9},"gte5.16.3_lt5.17",{"version":320,"is_range":274,"range_type":314,"version_start":305,"version_start_type":276,"version_end":321,"version_end_type":278,"fixed_in":9},"gte5.17_lt6.12.86","6.12.86",{"version":323,"is_range":274,"range_type":314,"version_start":324,"version_start_type":276,"version_end":325,"version_end_type":278,"fixed_in":9},"gte6.13_lt6.18.22","6.13","6.18.22",{"version":327,"is_range":274,"range_type":314,"version_start":328,"version_start_type":276,"version_end":329,"version_end_type":278,"fixed_in":9},"gte6.19_lt6.19.12","6.19","6.19.12",{"version":331,"is_range":74,"range_type":314,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc1",{"version":333,"is_range":74,"range_type":314,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc2",{"version":335,"is_range":74,"range_type":314,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc3",{"version":337,"is_range":74,"range_type":314,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc4",{"version":339,"is_range":74,"range_type":314,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc5",{"version":341,"is_range":74,"range_type":314,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.0:rc6"]