af_unix: read UNIX_DIAG_VFS data under unix_state_lock_CVE-2026-31673

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: read UNIX_DIAG_VFS data under unix_state_lock\n\nExact UNIX diag lookups hold a reference to the socket, but not to\nu->path. Meanwhile, unix_release_sock() clears u->path under\nunix_state_lock() and drops the path reference after unlocking.\n\nRead the inode and device numbers for UNIX_DIAG_VFS while holding\nunix_state_lock(), then emit the netlink attribute after dropping the\nlock.\n\nThis keeps the VFS data stable while the reply is being built.",
    "published": "2026-04-25T08:46:49.246Z",
    "modified": "2026-04-27T14:04:54.457Z",
    "type": "cve",
    "title": "af_unix: read UNIX_DIAG_VFS data under unix_state_lock",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/b9232421a77a649c9376c99fdfc8cb7f79cad34c\nhttps://git.kernel.org/stable/c/0c739f3785f84af695952c2bac8be2f45082c9b8\nhttps://git.kernel.org/stable/c/900a4e0910e98b8caef117d5df00471fa438dcf9\nhttps://git.kernel.org/stable/c/bdf206e740bf2919d818f132c8c9cc7ed91d11c0\nhttps://git.kernel.org/stable/c/39897df386376912d561d4946499379effa1e7ef",
    "id": "CVE-2026-31673",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux 5f7b0569460b7d8d01ca776430a00505a68b7584\nLinux Linux 5f7b0569460b7d8d01ca776430a00505a68b7584\nLinux Linux 5f7b0569460b7d8d01ca776430a00505a68b7584\nLinux Linux 5f7b0569460b7d8d01ca776430a00505a68b7584\nLinux Linux 5f7b0569460b7d8d01ca776430a00505a68b7584\nLinux Linux 3.3",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "5f7b0569460b7d8d01ca776430a00505a68b7584",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}