5.5
CVE-2026-31579
- EPSS 0.12%
- Veröffentlicht 24.04.2026 14:42:10
- Zuletzt bearbeitet 27.04.2026 20:43:29
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
In the Linux kernel, the following vulnerability has been resolved:
wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit
wg_netns_pre_exit() manually acquires rtnl_lock() inside the
pernet .pre_exit callback. This causes a hung task when another
thread holds rtnl_mutex - the cleanup_net workqueue (or the
setup_net failure rollback path) blocks indefinitely in
wg_netns_pre_exit() waiting to acquire the lock.
Convert to .exit_rtnl, introduced in commit 7a60d91c690b ("net:
Add ->exit_rtnl() hook to struct pernet_operations."), where the
framework already holds RTNL and batches all callbacks under a
single rtnl_lock()/rtnl_unlock() pair, eliminating the contention
window.
The rcu_assign_pointer(wg->creating_net, NULL) is safe to move
from .pre_exit to .exit_rtnl (which runs after synchronize_rcu())
because all RCU readers of creating_net either use maybe_get_net()
- which returns NULL for a dying namespace with zero refcount - or
access net->user_ns which remains valid throughout the entire
ops_undo_list sequence.
[ Jason: added __net_exit and __read_mostly annotations that were missing. ]Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 6.18.24
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.14
Linux ≫ Linux Kernel Version >= 7.0 < 7.0.1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.023 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/9a9e69155b2091b8297afaf1533b8d68a3096841
https://git.kernel.org/stable/c/1c52ef00e391144334f10995985c2f256d4be982
https://git.kernel.org/stable/c/a1d0f6cbb962af29586e3e65a4bced1a5e39221f
https://git.kernel.org/stable/c/60a25ef8dacb3566b1a8c4de00572a498e2a3bf9