Linux Kernel Device Reference Management Vulnerability in XFRM Module

Vulnerability

A vulnerability exists in the Linux kernel's XFRM (IPsec) module, specifically in how device references are managed across asynchronous cryptographic operations. When such an operation completes, the resume function 'xfrm_input_resume' drops its reference to the network device before the associated socket buffer (skb) has been processed by 'transport_finish', which still dereferences the skb's device pointer. Releasing the reference early opens a race with device teardown: with no reference pinning the device, teardown can proceed while the skb's device pointer is still about to be used. The vulnerability affects the Linux kernel stable tree.
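The ordering defect described above, reduced to a small user-space model (an added example, not kernel code and not the XFRM fix itself): a completion path that drops its device reference before the skb is finished with, beside the corrected ordering that holds the reference until the last use. All names here (model_dev, model_skb, resume_buggy, resume_fixed, try_teardown) are this example's own; teardown is modelled as an operation that may complete as soon as the reference count reaches zero.

```c
/* User-space model of the reference-ordering bug: the device is only safe to
 * use while a reference is held, so the reference must be released after the
 * last use of skb->dev, not before. Constructed example; not kernel code. */
#include <stdio.h>

struct model_dev {
    int refcount;
    int alive;              /* 1 while usable, 0 once teardown has completed */
};

struct model_skb {
    struct model_dev *dev;  /* models skb->dev */
};

static struct model_dev *model_dev_get(struct model_dev *d) { d->refcount++; return d; }
static void model_dev_put(struct model_dev *d) { d->refcount--; }

/* Models device teardown racing with the completion path: teardown may
 * finish as soon as nobody holds a reference. Returns 1 if it completed. */
static int try_teardown(struct model_dev *d)
{
    if (d->refcount == 0) {
        d->alive = 0;
        return 1;
    }
    return 0;
}

/* Stand-in for transport_finish: it dereferences skb->dev. Returns 1 if the
 * device was still valid at the point of use, 0 if it had been torn down. */
static int model_transport_finish(struct model_skb *skb)
{
    return skb->dev->alive;
}

/* Buggy ordering: drop the reference, then process the skb. Between the
 * put and the use, nothing stops teardown from running. */
static int resume_buggy(struct model_skb *skb)
{
    model_dev_put(skb->dev);
    try_teardown(skb->dev);          /* race window: teardown can complete here */
    return model_transport_finish(skb);
}

/* Fixed ordering: process the skb while the reference is held, then drop it. */
static int resume_fixed(struct model_skb *skb)
{
    int ok;

    try_teardown(skb->dev);          /* reference still held: teardown must wait */
    ok = model_transport_finish(skb);
    model_dev_put(skb->dev);         /* last use is behind us, release now */
    try_teardown(skb->dev);          /* teardown may now complete safely */
    return ok;
}

/* Runs one scenario with a fresh device and an skb whose completion path
 * holds a single reference. Returns 1 if the device was valid when used. */
static int run_scenario(int (*resume)(struct model_skb *))
{
    struct model_dev dev = { .refcount = 0, .alive = 1 };
    struct model_skb skb = { .dev = model_dev_get(&dev) };

    return resume(&skb);
}

int main(void)
{
    printf("buggy ordering, device valid at use: %d\n", run_scenario(resume_buggy));
    printf("fixed ordering, device valid at use: %d\n", run_scenario(resume_fixed));
    return 0;
}
```

The model replaces a real use-after-free with an `alive` flag so the outcome is deterministic: the buggy path observes a torn-down device, the fixed path does not. In a review or a patch, the check this reduces to is simply that every `dev_put` sits after the last dereference of the pointer it protects.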

Impact

The vulnerability can cause a use-after-free condition: the device is accessed through the skb's device pointer after the reference that kept it alive has been dropped, potentially leading to memory corruption or a kernel crash.

Remediation

Users can upgrade to a Linux kernel stable release that contains the fix, where this vulnerability has been addressed.

Added: Apr 24, 2026, 3:46 PM
Updated: Apr 24, 2026, 3:46 PM

Vulnerability Rating

Custom Algorithm

category          score
spread            9.0
impact            5.0
exploitability    5.0
remediation       7.7
relevance         6.5
threat            3.2
urgency           2.9
incentive         0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.