{"id":"CVE-2026-31518","summary":"esp: fix skb leak with espintcp and async crypto","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nesp: fix skb leak with espintcp and async crypto\n\nWhen the TX queue for espintcp is full, esp_output_tail_tcp will\nreturn an error and not free the skb, because with synchronous crypto,\nthe common xfrm output code will drop the packet for us.\n\nWith async crypto (esp_output_done), we need to drop the skb when\nesp_output_tail_tcp returns an error.","modified":"2026-06-24T18:29:18.392214462Z","published":"2026-04-22T13:54:34.191Z","related":["SUSE-SU-2026:22099-1","SUSE-SU-2026:22108-1","SUSE-SU-2026:22112-1","SUSE-SU-2026:22127-1","SUSE-SU-2026:22137-1","SUSE-SU-2026:2482-1","SUSE-SU-2026:2591-1","openSUSE-SU-2026:20965-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31518.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0c0eef8ccd2413b0a10eb6bbd3442333b1e64dd2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/41aafca57de4a4c026701622bd4648f112a9edcd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4820847e036ff1035b01b69ad68dfc17e7028fe9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6a3ec6efbc4f90e0ccb2e71574f07351f19996f4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6aa9841d917532d0f2d932d1ff2f3a94305aaf47"},{"type":"WEB","url":"https://git.kernel.org/stable/c/88d386243ed374ac969dabd3bbc1409a31d81818"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aca3ad0c262f54a5b5c95dda80a48365997d1224"},{"type":"WEB","url":"https://git.kernel.org/stable/c/df6f995358dc1f3c42484f5cfe241d7bd3e1cd15"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31518.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31518"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e27cca96cd68fa2c6814c90f9a1cfd36bb68c593"},{"fixed":"aca3ad0c262f54a5b5c95dda80a48365997d1224"},{"fixed":"41aafca57de4a4c026701622bd4648f112a9edcd"},{"fixed":"4820847e036ff1035b01b69ad68dfc17e7028fe9"},{"fixed":"6a3ec6efbc4f90e0ccb2e71574f07351f19996f4"},{"fixed":"df6f995358dc1f3c42484f5cfe241d7bd3e1cd15"},{"fixed":"88d386243ed374ac969dabd3bbc1409a31d81818"},{"fixed":"6aa9841d917532d0f2d932d1ff2f3a94305aaf47"},{"fixed":"0c0eef8ccd2413b0a10eb6bbd3442333b1e64dd2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31518.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.6.0"},{"fixed":"5.10.253"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.203"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.168"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.131"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.80"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.21"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.11"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31518.json"}}],"schema_version":"1.7.5"}