CVE-2026-31533
Published: 23 April 2026
Summary
CVE-2026-31533 is a critical-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely identification and remediation of flaws like this kernel use-after-free vulnerability through patching to the fixed commits.
SI-11 mandates secure error handling that prevents compromises from improper cleanup in error paths such as the -EBUSY case in tls_do_encryption.
SI-16 implements memory protections that mitigate use-after-free exploits resulting from corrupted encrypt_pending sentinels and premature tls_rec freeing.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated network trigger of kernel UAF in TLS send path directly enables exploitation of public-facing services (T1190), remote service exploitation (T1210), and kernel-level privilege escalation (T1068).
NVD Description
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced by commit 859054147318 ("net: tls: handle backlogging of crypto requests"), has a use-after-free due to double cleanup of encrypt_pending and the scatterlist entry. When crypto_aead_encrypt() returns -EBUSY, the request is enqueued to the cryptd backlog and the async callback tls_encrypt_done() will be invoked upon completion. That callback unconditionally restores the scatterlist entry (sge->offset, sge->length) and decrements ctx->encrypt_pending. However, if tls_encrypt_async_wait() returns an error, the synchronous error path in tls_do_encryption() performs the same cleanup again, double-decrementing encrypt_pending and double-restoring the scatterlist. The double-decrement corrupts the encrypt_pending sentinel (initialized to 1), making tls_encrypt_async_wait() permanently skip the wait for pending async callbacks. A subsequent sendmsg can then free the tls_rec via bpf_exec_tx_verdict() while a cryptd callback is still pending, resulting in a use-after-free when the callback fires on the freed record. Fix this by skipping the synchronous cleanup when the -EBUSY async wait returns an error, since the callback has already handled encrypt_pending and sge restoration.
Deeper analysis
CVE-2026-31533 is a use-after-free vulnerability in the Linux kernel's networking TLS (Transport Layer Security) subsystem, specifically within the tls_do_encryption() function in net/tls. The issue arises from improper handling of the -EBUSY error returned by crypto_aead_encrypt(), introduced by an earlier commit for managing crypto request backlogs. When -EBUSY occurs, the encryption request is enqueued asynchronously, but the synchronous error path in tls_do_encryption() performs cleanup (restoring scatterlist entry and decrementing ctx->encrypt_pending) that duplicates actions already handled by the pending async callback tls_encrypt_done(), leading to corruption.
A remote network attacker requires no privileges or user interaction to exploit this vulnerability. By triggering the -EBUSY condition during TLS encryption (e.g., via sendmsg operations), the attacker can corrupt the encrypt_pending sentinel (initialized to 1) through double-decrementing. This causes tls_encrypt_async_wait() to permanently skip waiting for async cryptd callbacks. A follow-on sendmsg can then free the tls_rec structure via bpf_exec_tx_verdict() while a callback remains pending, resulting in a use-after-free when the callback executes on the freed memory. The CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) reflects potential for high impacts on confidentiality, integrity, and availability.
Mitigation requires updating to a patched Linux kernel version. Fixes are available in stable kernel repositories via commits such as 02f3ecadb23558bbe068e6504118f1b712d4ece0, 0e43e0a3c94044acc74b8e0927c27972eb5a59e8, 2694d408b0e595024e0fc1d64ff9db0358580f74, 414fc5e5a5aff776c150f1b86770e0a25a35df3a, and 5d70eb25b41e9b010828cd12818b06a0c3b04412. These patches skip the synchronous cleanup in tls_do_encryption() when tls_encrypt_async_wait() returns an error, as the async callback already manages encrypt_pending and scatterlist restoration.
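To make the sentinel corruption concrete, here is an added C model of the counter pattern the description refers to; it is not code from this page or from the kernel, and the names tx_ctx, async_done, async_wait, sendmsg_ebusy and scenario are hypothetical, with plain integers and booleans standing in for the kernel's atomic counter and completion. It runs the buggy path (synchronous cleanup repeated after a failed wait) beside the fixed path (cleanup skipped) and reports whether the next send frees the record while a callback is still outstanding.

```c
/* Hypothetical model of the encrypt_pending sentinel, not the kernel's own
 * code: the counter starts at 1, each in-flight request adds 1, the waiter
 * subtracts 1, waits only if the result is nonzero, then restores it. */
#include <stdbool.h>

struct tx_ctx {
    int encrypt_pending;    /* sentinel: 1 means nothing is in flight */
    bool callback_pending;  /* a cryptd completion not yet delivered */
};

/* Models tls_encrypt_done(): the async callback always does its cleanup. */
static void async_done(struct tx_ctx *c)
{
    c->callback_pending = false;
    c->encrypt_pending--;
}

/* Models tls_encrypt_async_wait(); waiting delivers outstanding callbacks. */
static void async_wait(struct tx_ctx *c)
{
    if (--c->encrypt_pending != 0)      /* 0 would mean nothing in flight */
        while (c->callback_pending)
            async_done(c);
    c->encrypt_pending++;               /* restore the sentinel */
}

/* One sendmsg whose crypto request hits -EBUSY. wait_err: the async wait
 * reports an error; buggy: the synchronous error path then repeats the
 * callback's cleanup. The record is freed once the wait returns; returns
 * true if a callback is still outstanding then (it would hit freed memory). */
static bool sendmsg_ebusy(struct tx_ctx *c, bool wait_err, bool buggy)
{
    c->encrypt_pending++;        /* request submitted to the backlog */
    c->callback_pending = true;
    async_wait(c);
    if (wait_err && buggy)
        c->encrypt_pending--;    /* the double decrement */
    return c->callback_pending;
}

/* Two sends: the first wait fails, the second hits -EBUSY again. */
static bool scenario(bool buggy, int *sentinel_after_first)
{
    struct tx_ctx c = { .encrypt_pending = 1, .callback_pending = false };
    sendmsg_ebusy(&c, true, buggy);
    *sentinel_after_first = c.encrypt_pending;
    return sendmsg_ebusy(&c, false, buggy);
}
```

In the buggy run the sentinel drops to 0 after the first send, so the second wait is skipped and the record is freed with a callback pending; in the fixed run the sentinel stays at 1 and the second wait drains the callback first.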
Details
- CWE(s)